From olaf.gellert at intrusion-lab.net Fri Mar 2 09:41:18 2007
From: olaf.gellert at intrusion-lab.net (Olaf Gellert)
Date: Fri, 02 Mar 2007 09:41:18 +0100
Subject: Error with encrypting: unusable public key
Message-ID: <45E7E32E.4090105@intrusion-lab.net>
Hi all,
I keep getting an error trying to encrypt to the key
0xCC21E10F. The key is self-signed, gpg --check-sigs
does not complain, but still when I try to encrypt
I get:
gpg: 0xCC21E10F: skipped: unusable public key
I am using gpg 1.4.5 on a Linux box (SuSE 10.2).
Could this be a matter of algorithms? The key is
available on the keyservers. Thanks for help,
Olaf
--
Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET
Senior Researcher, www.intrusion-lab.net
PKI - and IDS - Services olaf.gellert at intrusion-lab.net
From twoaday at gmx.net Fri Mar 2 09:57:50 2007
From: twoaday at gmx.net (Timo Schulz)
Date: Fri, 02 Mar 2007 09:57:50 +0100
Subject: Error with encrypting: unusable public key
In-Reply-To: <45E7E32E.4090105@intrusion-lab.net>
References: <45E7E32E.4090105@intrusion-lab.net>
Message-ID: <45E7E70E.8080107@gmx.net>
Olaf Gellert wrote:
> 0xCC21E10F. The key is self-signed, gpg --check-sigs
> does not complain, but still when I try to encrypt
> I get:
>
> gpg: 0xCC21E10F: skipped: unusable public key
pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC
This is the information given in --edit-key. And the usage
is the solution for your problem.
It has *no* capability to encrypt data.
Timo
From olaf.gellert at intrusion-lab.net Fri Mar 2 10:43:28 2007
From: olaf.gellert at intrusion-lab.net (Olaf Gellert)
Date: Fri, 02 Mar 2007 10:43:28 +0100
Subject: Error with encrypting: unusable public key
In-Reply-To: <45E7E70E.8080107@gmx.net>
References: <45E7E32E.4090105@intrusion-lab.net> <45E7E70E.8080107@gmx.net>
Message-ID: <45E7F1C0.8010000@intrusion-lab.net>
Timo Schulz wrote:
> pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC
>
> This is the information given in --edit-key. And the usage
> is the solution for your problem.
> It has *no* capability to encrypt data.
Thanx, I missed that. So this is one of the "sign only"
keys and to enable encryption, one would add an encryption
only subkey?
Olaf
--
Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET
Senior Researcher, www.intrusion-lab.net
PKI - and IDS - Services olaf.gellert at intrusion-lab.net
From twoaday at gmx.net Fri Mar 2 10:57:58 2007
From: twoaday at gmx.net (Timo Schulz)
Date: Fri, 02 Mar 2007 10:57:58 +0100
Subject: Error with encrypting: unusable public key
In-Reply-To: <45E7F1C0.8010000@intrusion-lab.net>
References: <45E7E32E.4090105@intrusion-lab.net> <45E7E70E.8080107@gmx.net>
<45E7F1C0.8010000@intrusion-lab.net>
Message-ID: <45E7F526.8010500@gmx.net>
Olaf Gellert wrote:
> keys and to enable encryption, one would add an encryption
> only subkey?
IIRC, it is not possible to change the capabilities of an
existing key with GPG. Somebody might correct me if I'm wrong.
And yes, the only way to encrypt to this key is to add an
encryption subkey to it.
It is also possible that people have separate keys for
certifying/signing and encryption.
Timo
From laurent.jumet at skynet.be Fri Mar 2 11:05:48 2007
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Fri, 02 Mar 2007 11:05:48 +0100
Subject: Error with encrypting: unusable public key
In-Reply-To: <45E7F1C0.8010000@intrusion-lab.net>
Message-ID:
Hello Olaf !
Olaf Gellert wrote:
>> pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC
>>
>> This is the information given in --edit-key. And the usage
>> is the solution for your problem.
>> It has *no* capability to encrypt data.
> Thanx, I missed that. So this is one of the "sign only"
> keys and to enable encryption, one would add an encryption
> only subkey?
Not on that one, it's a RSA key.
--
Laurent Jumet
KeyID: 0xCFAF704C
From twoaday at gmx.net Fri Mar 2 13:54:59 2007
From: twoaday at gmx.net (Timo Schulz)
Date: Fri, 02 Mar 2007 13:54:59 +0100
Subject: Error with encrypting: unusable public key
In-Reply-To:
References:
Message-ID: <45E81EA3.50904@gmx.net>
Laurent Jumet wrote:
>> Thanx, I missed that. So this is one of the "sign only"
>> keys and to enable encryption, one would add an encryption
>> only subkey?
>
> Not on that one, it's a RSA key.
But if I see it correctly, it's _no_ v3 key so you can
add a subkey to this key even if it is RSA (which is
no limitation in OpenPGP).
Timo
From dshaw at jabberwocky.com Fri Mar 2 13:58:08 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 2 Mar 2007 07:58:08 -0500
Subject: Error with encrypting: unusable public key
In-Reply-To:
References: <45E7F1C0.8010000@intrusion-lab.net>
Message-ID: <20070302125808.GB3189@jabberwocky.com>
On Fri, Mar 02, 2007 at 11:05:48AM +0100, Laurent Jumet wrote:
>
> Hello Olaf !
>
> Olaf Gellert wrote:
>
> >> pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC
> >>
> >> This is the information given in --edit-key. And the usage
> >> is the solution for your problem.
> >> It has *no* capability to encrypt data.
>
> > Thanx, I missed that. So this is one of the "sign only"
> > keys and to enable encryption, one would add an encryption
> > only subkey?
>
> Not on that one, it's a RSA key.
It's okay - this is the new sort (i.e. OpenPGP or V4) of RSA key. You
can add subkeys and do anything you'd do with any other OpenPGP key.
Only the old PGP 2.x (V3) RSA keys cannot carry subkeys.
David
From laurent.jumet at skynet.be Fri Mar 2 14:49:03 2007
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Fri, 02 Mar 2007 14:49:03 +0100
Subject: Error with encrypting: unusable public key
In-Reply-To: <45E81EA3.50904@gmx.net>
Message-ID:
Hello Timo !
Timo Schulz wrote:
>>> Thanx, I missed that. So this is one of the "sign only"
>>> keys and to enable encryption, one would add an encryption
>>> only subkey?
>>
>> Not on that one, it's a RSA key.
> But if I see it correctly, it's _no_ v3 key so you can
> add a subkey to this key even if it is RSA (which is
> no limitation in OpenPGP).
I was (wrongly) thinking that a RSA key wasn't able to hold subkeys.
This one is v4:
=== Begin Windows Clipboard ===
:public key packet:
version 4, algo 1, created 1164120402, expires 0
pkey[0]: [2048 bits]
pkey[1]: [17 bits]
:user ID packet: "David A. Mundie (Dodo Magnifico) "
:signature packet: algo 1, keyid 09F096B7CC21E10F
version 4, created 1164120402, md5len 0, sigclass 13
digest algo 2, begin of digest 17 3f
hashed subpkt 2 len 4 (sig created 2006-11-21)
hashed subpkt 27 len 1 (key flags: 03)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (key server preferences: 80)
subpkt 16 len 8 (issuer key ID 09F096B7CC21E10F)
data: [2045 bits]
=== End Windows Clipboard ===
--
Laurent Jumet
KeyID: 0xCFAF704C
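The check discussed in this thread, as an added example that is not part of any poster's message and is not GnuPG code: it reads `gpg --list-packets` text, takes the key flags (subpacket 27) and key version, and reports whether the key can be encrypted to and whether it can carry subkeys. The first sample is trimmed from the dump above with the user ID replaced; the subkey and v3 samples, the function names and the algorithm fallback table are assumptions made for the illustration.

```python
import re

# Key-flags bits of OpenPGP signature subpacket 27 (RFC 4880, section 5.2.3.21).
CERTIFY, SIGN, ENC_COMMS, ENC_STORAGE, AUTH = 0x01, 0x02, 0x04, 0x08, 0x20

# Fallback used by this example when a key has no key-flags subpacket (typical
# for v3 keys): capabilities implied by the algorithm id alone.
# 1 = RSA, 2 = RSA encrypt-only, 3 = RSA sign-only, 16 = Elgamal, 17 = DSA.
ALGO_DEFAULT = {
    1: CERTIFY | SIGN | ENC_COMMS | ENC_STORAGE,
    2: ENC_COMMS | ENC_STORAGE,
    3: CERTIFY | SIGN,
    16: ENC_COMMS | ENC_STORAGE,
    17: CERTIFY | SIGN,
}

KEY_RE = re.compile(r"^:(?:public|secret) (sub )?key packet:")
VER_RE = re.compile(r"^version (\d+), algo (\d+),")
FLAGS_RE = re.compile(r"subpkt 27 len \d+ \(key flags: ([0-9A-Fa-f]+)\)")


def parse_keys(dump):
    """Return one dict per key packet found in `gpg --list-packets` text.

    Assumption: the first signature carrying subpacket 27 after a key packet
    is that key's self-signature (primary) or binding signature (subkey).
    """
    keys = []
    for raw in dump.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            keys.append({"subkey": bool(m.group(1)), "version": None,
                         "algo": None, "flags": None})
            continue
        if not keys:
            continue
        key = keys[-1]
        m = VER_RE.match(line)
        if m and key["version"] is None:
            key["version"], key["algo"] = int(m.group(1)), int(m.group(2))
            continue
        m = FLAGS_RE.search(line)
        if m and key["flags"] is None:
            key["flags"] = int(m.group(1)[:2], 16)  # first flags octet
    return keys


def usage(key):
    """Usage letters in the order gpg shows them (S, C, E, A)."""
    flags = key["flags"]
    if flags is None:
        flags = ALGO_DEFAULT.get(key["algo"], 0)
    out = ""
    if flags & SIGN:
        out += "S"
    if flags & CERTIFY:
        out += "C"
    if flags & (ENC_COMMS | ENC_STORAGE):
        out += "E"
    if flags & AUTH:
        out += "A"
    return out


def diagnose(dump):
    keys = parse_keys(dump)
    if not keys:
        raise ValueError("no key packet found")
    primary = keys[0]
    return {
        "primary_usage": usage(primary),
        # gpg can encrypt if the primary key or any subkey has an E capability
        "can_encrypt_to": any("E" in usage(k) for k in keys),
        # only v4 (OpenPGP) keys can carry subkeys; v3 (PGP 2.x) keys cannot
        "can_carry_subkeys": (primary["version"] or 0) >= 4,
    }


# Trimmed from the dump posted in the thread (user ID replaced).
THREAD_KEY = """
:public key packet:
    version 4, algo 1, created 1164120402, expires 0
:user ID packet: "user ID omitted"
:signature packet: algo 1, keyid 09F096B7CC21E10F
    version 4, created 1164120402, md5len 0, sigclass 13
    hashed subpkt 27 len 1 (key flags: 03)
"""

# Constructed: the same key after an encryption subkey has been added.
WITH_SUBKEY = THREAD_KEY + """
:public sub key packet:
    version 4, algo 1, created 1172829600, expires 0
:signature packet: algo 1, keyid 09F096B7CC21E10F
    version 4, created 1172829600, md5len 0, sigclass 18
    hashed subpkt 27 len 1 (key flags: 0C)
"""

# Constructed: an old PGP 2.x style v3 RSA key, no key-flags subpacket.
V3_KEY = """
:public key packet:
    version 3, algo 1, created 850000000, expires 0
:user ID packet: "constructed v3 user"
:signature packet: algo 1, keyid 2222222222222222
    version 3, created 850000000, md5len 5, sigclass 10
"""

if __name__ == "__main__":
    for name, dump in (("thread key", THREAD_KEY),
                       ("with subkey", WITH_SUBKEY), ("v3 key", V3_KEY)):
        print(name, diagnose(dump))
```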
From vedaal at hush.com Fri Mar 2 16:57:15 2007
From: vedaal at hush.com (vedaal at hush.com)
Date: Fri, 02 Mar 2007 10:57:15 -0500
Subject: Error with encrypting: unusable public key
Message-ID: <20070302155716.1D4F522847@mailserver9.hushmail.com>
David Shaw dshaw at jabberwocky.com
Fri Mar 2 13:58:08 CET 2007 wrote:
>Only the old PGP 2.x (V3) RSA keys cannot carry subkeys.
and all v3 rsa keys are both sign and encrypt,
but, if anyone prefers not to have subkeys,
gnupg allows v4 rsa keys to be generated as a single key
with both sign and encrypt functions, similar to v3 keys
(but with the capability of adding a subkey at any time)
vedaal
From sven at radde.name Fri Mar 2 16:32:38 2007
From: sven at radde.name (Sven Radde)
Date: Fri, 02 Mar 2007 16:32:38 +0100
Subject: OpenPGP card's RNG
Message-ID: <45E84396.90908@radde.name>
Hallo!
Does GnuPG (1.4.6 / WinXP) use the internal random number generator of
the OpenPGP smart card?
In other words: Is it useful to keep the card in the reader when running
GnuPG even when I am not using the card directly (i.e. encrypt only)?
I'm just curious because I noticed the "GET CHALLENGE" command while
reading through the card spec...
Have fun,
Sven Radde
From erikvanderhasselt at yahoo.com Fri Mar 2 18:45:21 2007
From: erikvanderhasselt at yahoo.com (Goya)
Date: Fri, 2 Mar 2007 09:45:21 -0800 (PST)
Subject: GnuPG and libksba-1.0.1
Message-ID: <9274053.post@talk.nabble.com>
Hello,
I am installing for the first time GnuPG on FreeBSD. I've downloaded GnuPG
and all the required libraries and compiled those.
I've set the environment variables to (as instructed in the message I got
after compiling the libpth library)
LD_LIBRARY_PATH /usr/local/lib
LD_RUN_PATH /usr/local/lib
When I ran the GnuPG configure file it went all the way to the end but
one message caught my eye. It said that libksba-1.0.1 wasn't correctly
installed.
Can anyone tell me what this means? When I installed libksba library I ran
configure, make and make install and it gave no messages. Did I do anything
wrong?
Regards,
Goya
From wk at gnupg.org Mon Mar 5 12:58:31 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 05 Mar 2007 12:58:31 +0100
Subject: OpenPGP card's RNG
In-Reply-To: <45E84396.90908@radde.name> (Sven Radde's message of "Fri\, 02 Mar
2007 16\:32\:38 +0100")
References: <45E84396.90908@radde.name>
Message-ID: <874pozgavs.fsf@wheatstone.g10code.de>
On Fri, 2 Mar 2007 16:32, sven at radde.name said:
> Does GnuPG (1.4.6 / WinXP) use the internal random number generator of
> the OpenPGP smart card?
No, it does not use the card's RNG,
Shalom-Salam,
Werner
From dougb at dougbarton.us Mon Mar 5 23:57:07 2007
From: dougb at dougbarton.us (Doug Barton)
Date: Mon, 05 Mar 2007 14:57:07 -0800
Subject: GnuPG and libksba-1.0.1
In-Reply-To: <9274053.post@talk.nabble.com>
References: <9274053.post@talk.nabble.com>
Message-ID: <45ECA043.4010805@dougbarton.us>
Goya wrote:
> Hello,
>
> I am installing for the first time GnuPG on FreeBSD. I've downloaded GnuPG
> and all the required libraries and compiled those.
Is there any reason you're not using the ports system? It would handle
all these issues for you.
Doug
--
If you're never wrong, you're not trying hard enough
From wk at gnupg.org Tue Mar 6 09:02:45 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 06 Mar 2007 09:02:45 +0100
Subject: [Announce] Multiple Messages Problem in GnuPG and GPGME
Message-ID: <873b4ibxzu.fsf@wheatstone.g10code.de>
Multiple Messages Problem in GnuPG and GPGME
==============================================
2007-03-05
Summary
=======
Gerardo Richarte from Core Security Technologies identified a problem
when using GnuPG in streaming mode.
The problem is actually a variant of a well known problem in the way
signed material is presented in a MUA. It is possible to insert
additional text before or after a signed (or signed and encrypted)
OpenPGP message and make the user believe that this additional text is
also covered by the signature. The Core Security advisory describes
several variants of the attack; they all boil down to the fact that it
might not be possible to identify which part of a message is actually
signed if gpg is not used correctly.
[ Please do not send private mail in response to this message. The
mailing list gnupg-devel is the best place to discuss this problem
(please subscribe first so you don't need moderator approval [1]). ]
Impact
======
All applications using GnuPG without properly using the status
interface to verify signed or signed and encrypted messages.
All GPGME versions up to and including 1.1.3.
Starting with version 1.4.7 and 2.0.3, GnuPG implements an additional
and sufficient protection against this common usage problem.
Detached signatures are in no way affected by this problem.
Description
===========
When using gpg (or gpg2) in a pipeline or with redirected input and
output additional data may be inserted into a message. This allows to
forge a signed message by prefixing it with arbitrary material. A way
to create such a message is:
    echo "This is my sneaky plaintext message" > foobar.txt
    gpg -z0 --output prefix.gpg --store foobar.txt
    cat prefix.gpg original-signed-message.gpg > forged.gpg
Using gpg naively this results in:
$ gpg "
[...]
and thus gives the impression that the sneaky message is part of the
signed Groucho quote. The correct way to use gpg with redirection is
by taking care of the status interface:
$ gpg --status-fd 1
gpg: Good signature from "Alfa Test (demo key) "
[...]
Here the PLAINTEXT status lines clearly identify the start of a new
message.
Note, that using gpg on the command line is in almost all cases not
done with redirection but by letting gpg save the signed message.
In this case gpg will save the message to different files or in case
the file names are identical, prompt the user to overwrite the first
one again.
Because the problem of identifying the actual signed content when
mixing the signed data and the signature is very common, the long
standing suggestion for all digital signatures is to use a detached
signature. A detached signature allows to clearly identify what is
signed and what is the signature. This is also the reason why
PGP/MIME signed messages are in general to be preferred over the old
style clear signed messages.
Solution
========
Given that there are many applications in use which are subject to the
described problem, we have decided to change GnuPG so that such forged
OpenPGP messages are detected and the signature verification will
fail. GnuPG 1.4.7 has been released today and is available from the
usual places [2]. If you don't want to update, a minimal patch
against GnuPG 1.4.6 is available at
ftp://ftp.gnupg.org/gcrypt/gnupg/patches/gnupg-1.4.6-multiple-message.patch
Many applications are using the library GPGME which implements an easy
way to process OpenPGP messages using gpg. We have updated GPGME to
make it immune against this problem even if an old version of gpg is
being used. GPGME 1.1.4 is available from the usual places [2]. A
patch (against version 1.1.3 or 1.1.2) is available at
ftp://ftp.gnupg.org/gcrypt/gpgme/patches/gpgme-1.1.3-multiple-message.patch
Please note that - after applying one of these patches - some
vulnerable applications (mainly MUAs) may fail to handle certain
messages which are composed of several OpenPGP messages. To continue
the support of such messages fixing the application is required as
there is no way for GnuPG to do it.
Support
=======
g10 Code GmbH [3], a Duesseldorf based company owned and headed by
GnuPG's principal author, is currently funding GnuPG development.
Support contracts or other financial backing will greatly help us to
improve the quality of GnuPG.
Thanks
======
Gerardo Richarte found this problem. David Shaw greatly helped to
analyse and describe the core of the problem.
[1] See http://lists.gnupg.org/mailman/listinfo/gnupg-devel
[2] See http://www.gnupg.org/download/
[3] See http://www.gnupg.org/service.html
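A sketch of the status-interface check the announcement above asks applications to make, as an added example that is not part of the announcement and is not GnuPG or GPGME code: it accepts inline-signed output only when the status stream reports exactly one PLAINTEXT and a VALIDSIG from an expected key. The status lines, fingerprint and function names are constructed for the illustration.

```python
from collections import namedtuple

PREFIX = "[GNUPG:] "
Verdict = namedtuple("Verdict", "ok reason signer")

# Status keywords that mean a signature was seen but must not be relied on.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def parse_status(lines):
    """Yield (keyword, args) for every status line; ignore everything else."""
    for line in lines:
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                yield fields[0], fields[1:]


def check_inline_signature(status_lines, trusted_fprs):
    """Decide whether gpg's output may be shown to the user as signed text.

    status_lines: lines read from the descriptor given to --status-fd.
    trusted_fprs: fingerprints the application expects as signer.
    """
    plaintexts = 0
    signers = []
    for keyword, args in parse_status(status_lines):
        if keyword == "PLAINTEXT":
            # Each PLAINTEXT marks the start of a new literal-data packet,
            # i.e. a new message in the input.
            plaintexts += 1
        elif keyword in REJECT:
            return Verdict(False, "signature rejected: " + keyword, None)
        elif keyword == "VALIDSIG" and args:
            signers.append(args[0].upper())

    if plaintexts == 0:
        return Verdict(False, "no PLAINTEXT status: nothing was output", None)
    if plaintexts > 1:
        return Verdict(
            False,
            "%d PLAINTEXT status lines: input holds more than one message"
            % plaintexts,
            None,
        )
    if not signers:
        return Verdict(False, "no VALIDSIG status: output is unsigned", None)
    trusted = {f.upper() for f in trusted_fprs}
    for fpr in signers:
        if fpr in trusted:
            return Verdict(True, "one message, valid signature", fpr)
    return Verdict(False, "signed, but not by an expected key", None)


# Constructed fingerprint and status lines, for illustration only.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"

GENUINE = [
    "[GNUPG:] PLAINTEXT 62 1173100000 ",
    "[GNUPG:] PLAINTEXT_LENGTH 99",
    "[GNUPG:] SIG_ID constructedSigId 2007-03-05 1173100000",
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Alfa Test (demo key)",
    "[GNUPG:] VALIDSIG " + FPR + " 2007-03-05 1173100000 0 3 0 17 2 00 " + FPR,
]

# What an unpatched gpg would report for a stored, unsigned message
# concatenated in front of the genuine one: a second PLAINTEXT line.
FORGED = [
    "[GNUPG:] PLAINTEXT 62 1173100100 foobar.txt",
    "[GNUPG:] PLAINTEXT_LENGTH 36",
] + GENUINE

TAMPERED = GENUINE[:3] + ["[GNUPG:] BADSIG 89ABCDEF01234567 Alfa Test (demo key)"]

if __name__ == "__main__":
    for name, stream in (("genuine", GENUINE), ("forged", FORGED),
                         ("tampered", TAMPERED)):
        print(name, check_inline_signature(stream, {FPR}))
```

Read the status lines from a descriptor of their own rather than from the stream that also carries the message data, since data on a shared stream can contain text that looks like a status line.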
From rjh at sixdemonbag.org Tue Mar 6 16:06:55 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 6 Mar 2007 09:06:55 -0600
Subject: 1.4.7 packages for OS X
Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I've taken the liberty of packaging up 1.4.7 for OS X. (I apologize
to Benjamin if I'm stepping on his toes here; by my recollection,
he's doing packages for 2.0.x, not 1.4.x, so I _should_ be safe.)
They haven't been tested broadly, but so far they've worked on every
system I've thrown them at (five machines, a smattering of Intel and
PowerPC).
Please note that these packages include IDEA support, which may
(depending on your jurisdiction) give you some patent troubles.
Please be responsible and download in accordance with your region's
laws and the GNU GPL, and please only use IDEA for reading existing
messages and not for creating new ones.
Packages:
http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg
http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg
Signatures for the two packages can be found at:
http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg.asc
http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg
Clearly, GnuPG.org is the appropriate site to refer people to for
source code. However, to keep everything according to Hoyle, source
code is also available from:
http://rjhansen.cs.uiowa.edu/~rjh/gnupg-1.4.7.tar.bz2
http://rjhansen.cs.uiowa.edu/~rjh/idea.c.gz
From svt at teris.de Tue Mar 6 20:26:38 2007
From: svt at teris.de (Sebastian von Thadden)
Date: Tue, 06 Mar 2007 20:26:38 +0100
Subject: Restore Smart-Card-Manuel
Message-ID: <45EDC06E.1030006@teris.de>
Hi,
since 2 years, I'm using pgp. It's very nice.
Today I've got 2 pgp-smartcards.
The first one works very good. Everything works good.
Now, I want to test, what happens when I lost this card or it's broken.
I've both cards, the public key and an .pgp-file.
I searched google for over 2 hours, but I only found an entry in this
lists. But the user did not complete the restore.
(http://marc.theaimsgroup.com/?l=gnupg-users&m=115027667302076&w=2)
Is there any expert that can post a step-by-step guide to get my
backup-card working ?
This restore-procedure should be published on any smartcard-howto.
Thanks from Germany
Bye,
Sebastian
From johanw at vulcan.xs4all.nl Wed Mar 7 00:44:56 2007
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed, 7 Mar 2007 00:44:56 +0100 (MET)
Subject: [Announce] Multiple Messages Problem in GnuPG and GPGME
In-Reply-To: <873b4ibxzu.fsf@wheatstone.g10code.de>
Message-ID: <200703062344.l26Niugw018096@vulcan.xs4all.nl>
Werner Koch wrote:
>GnuPG 1.4.7 has been released today and is available from the
>usual places [2].
Compiles and runs OK on Slackware Linux 10.0 with kernel 2.6.17.6.
One small point:
vulcan:~> gpg --version
gpg (GnuPG) 1.4.7
Copyright (C) 2006 Free Software Foundation, Inc.
[...]
The 2006 needs to be updated to 2007.
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
From reynt0 at cs.albany.edu Wed Mar 7 02:51:10 2007
From: reynt0 at cs.albany.edu (reynt0)
Date: Tue, 6 Mar 2007 20:51:10 -0500 (EST)
Subject: 1.4.7 packages for OS X
In-Reply-To:
References:
Message-ID:
With full appreciation for your and everyone's work,
could I ask that, when posting, people be specific
which OSX they are talking about? I'm still looking
for an easy way to get the latest gnupg but for
OS 10.3.9, not OS 10.4.x. That is, a way which
doesn't involve having to install extraneous software
with its extra level of trust (eg Fink); and which
also avoids the Apple trend to asserting Micro$oft-like
control over users' computers
(cf eg and
the links there, about 10.4, and one fears, 10.5 too);
and which also I can summarize in a "HowTo" recipe that
I can then use to distribute to academic and scientific
users who need to start using encryption and IMHO should
be encouraged to use open source.
Sorry for being wordy.
On Tue, 6 Mar 2007, Robert J. Hansen wrote:
> I've taken the liberty of packaging up 1.4.7 for OS X. (I apologize
> to Benjamin if I'm stepping on his toes here; by my recollection,
> he's doing packages for 2.0.x, not 1.4.x, so I _should_ be safe.)
. . .
From rjh at sixdemonbag.org Wed Mar 7 05:17:43 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 6 Mar 2007 22:17:43 -0600
Subject: 1.4.7 packages for OS X
In-Reply-To:
References:
Message-ID: <2BE66C3E-4755-4E34-A05E-8213C39B2CAA@sixdemonbag.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> With full appreciation for your and everyone's work,
> could I ask that, when posting, people be specific
> which OSX they are talking about?
Tiger has been out for two years now; I think it's reasonable to
think that, unless specified otherwise, software will be targeting
Tiger.
> I'm still looking for an easy way to get the latest
> gnupg but for OS 10.3.9, not OS 10.4.x.
Unfortunately, I can't help you.
I would also recommend switching to one of the free Unices if you
don't want to upgrade to 10.4 or 10.5. Once 10.5 comes out, 10.3
will probably be EOLed and there will be no further security
updates. Please give serious thought to either (a) migrating to a
free UNIX or (b) upgrading to 10.4/10.5.
From wk at gnupg.org Wed Mar 7 09:59:02 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 07 Mar 2007 09:59:02 +0100
Subject: [Announce] Multiple Messages Problem in GnuPG and GPGME
In-Reply-To: <200703062344.l26Niugw018096@vulcan.xs4all.nl> (Johan Wevers's
message of "Wed\, 7 Mar 2007 00\:44\:56 +0100 \(MET\)")
References: <200703062344.l26Niugw018096@vulcan.xs4all.nl>
Message-ID: <87ejo14eg9.fsf@wheatstone.g10code.de>
On Wed, 7 Mar 2007 00:44, johanw at vulcan.xs4all.nl said:
> The 2006 needs to be updated to 2007.
Thanks for noting. We can do that, although it is not very important.
The term for the copyright is getting longer and longer thanks to
Mickey Mouse et al.
Shalom-Salam,
Werner
From shavital at mac.com Wed Mar 7 11:55:28 2007
From: shavital at mac.com (Charly Avital)
Date: Wed, 07 Mar 2007 12:55:28 +0200
Subject: 1.4.7 packages for OS X
In-Reply-To:
References:
Message-ID: <45EE9A20.8050009@mac.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
reynt0 wrote the following on 3/7/07 3:51 AM:
[...]
> I'm still looking
> for an easy way to get the latest gnupg but for
> OS 10.3.9, not OS 10.4.x.
[...]
At , please scroll down to 'Files'
where you will find:
For Mac OS X 10.3.x
1.4.1, MD5: f4eb3c7d233e18fd1bf56d6bb576bbd9
Detached Sig
GnuPG 1.4.1 can be downloaded from the hyperlink as a .dmg binary installer.
I can't remember whether or which security problems 1.4.1 comported, but
you will find complementary information in that site.
All the above, until or if you decide to upgrade from 10.3.9.
Charly
From benjamin at py-soft.co.uk Wed Mar 7 12:11:09 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 07 Mar 2007 11:11:09 +0000
Subject: 1.4.7 packages for OS X
In-Reply-To:
References:
Message-ID: <45EE9DCD.6020000@py-soft.co.uk>
Robert J. Hansen wrote:
> I've taken the liberty of packaging up 1.4.7 for OS X.
Take a look at the macgpg project at http://macgpg.sourceforge.net/
> (I apologize to Benjamin if I'm stepping on his toes here; by my recollection,
> he's doing packages for 2.0.x, not 1.4.x, so I _should_ be safe.)
I've packaged up 1.4.5 and 1.4.6 and was looking at getting 1.4.7 done
asap, but you may have saved me the trouble! :)
As for the 2.x branch, there hasn't been enough interest for me to
devote considerable amounts of my time to getting it packaged up.
> Packages:
> http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg
> http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg
Join macgpg and we'll show you how to make universal binaries.
Ben
From swelter at mus.ch Wed Mar 7 15:11:05 2007
From: swelter at mus.ch (Sascha Welter)
Date: Wed, 7 Mar 2007 15:11:05 +0100
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <45EE9A20.8050009@mac.com>
References:
<45EE9A20.8050009@mac.com>
Message-ID: <20070307141105.GB6173@betabug.ch>
(Wed, Mar 07, 2007 at 12:55:28PM +0200) Charly Avital wrote/schrieb/egrapse:
> I can't remember whether or which security problems 1.4.1 comported, but
> you will find complementary information in that site.
Since we've just had a security related update to 1.4.6 and a security
related update to 1.4.7, I'd be hesitant to use or recommend 1.4.1.
> All the above, until or if you decide to upgrade from 10.3.9.
There are Macs that can't upgrade beyond 10.3.9 and that will still work
fine with that system for many years to come.
Myself I tend to compile gnupg anyway, which IIRC never was much of a
problem on 10.3.9 anyway. But I understand that some people don't have
the knowledge or confidence to do that.
Regards,
Sascha
From rjh at sixdemonbag.org Wed Mar 7 18:29:22 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 7 Mar 2007 11:29:22 -0600
Subject: 1.4.7 packages for OS X
In-Reply-To: <45EE9DCD.6020000@py-soft.co.uk>
References:
<45EE9DCD.6020000@py-soft.co.uk>
Message-ID: <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> I've packaged up 1.4.5 and 1.4.6 and was looking at getting 1.4.7 done
> asap, but you may have saved me the trouble! :)
Thank you for being gracious. :)
I updated the packages (very slightly) to install into /usr/local,
instead of /usr. It seems to be a tradeoff--while I know a few OS X
users who have (for reasons inscrutable to me) elected to remove /usr/
local from their PATH, there are a fair number of OS X crypto apps
hardwired to expect it in /usr/local. Mulberry, GPGMail, etc.
The original links still work; they point to non-IDEA-enabled
builds. For completeness' sake, the links are all listed here:
http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC-IDEA.dmg
http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg
http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386-IDEA.dmg
http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg
Signatures are available at:
http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC-IDEA.dmg.asc
http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg.asc
http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386-IDEA.dmg.asc
http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg.asc
Warning: these packages still have not been extensively tested.
From shavital at mac.com Wed Mar 7 18:35:57 2007
From: shavital at mac.com (Charly Avital)
Date: Wed, 07 Mar 2007 19:35:57 +0200
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <20070307141105.GB6173@betabug.ch>
References:
<45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch>
Message-ID: <45EEF7FD.8040200@mac.com>
Sascha Welter wrote the following on 3/7/07 4:11 PM:
> (Wed, Mar 07, 2007 at 12:55:28PM +0200) Charly Avital wrote/schrieb/egrapse:
>> I can't remember whether or which security problems 1.4.1 comported, but
>> you will find complementary information in that site.
>
> Since we've just had a security related update to 1.4.6 and a security
> related update to 1.4.7, I'd be hesitant to use or recommend 1.4.1.
Quite, but later versions of gnupg, as far as I have read, are not
compatible with OS X 10.3.9.
See MacGPG's web site , where different
versions of GnuPG are posted for OS 10.1.x, 10.2.x, 10.3.x, and now 10.4.x.
Apparently the "last" GnuPG version for 10.3.9 is 1.4.1. For better or
for worse.
>
>> All the above, until or if you decide to upgrade from 10.3.9.
>
> There are Macs that can't upgrade beyond 10.3.9 and that will still work
> fine with that system for many years to come.
I also have a G3 iMac, running 10.3.9, works fine.
I have even a venerable 1998 vintage Wallstreet, where I succeeded to
install Panther, but that was a long time ago.
>
> Myself I tend to compile gnupg anyway, which IIRC never was much of a
> problem on 10.3.9 anyway. But I understand that some people don't have
> the knowledge or confidence to do that.
Till now, I have compiled gnupg from source. I don't have the
knowledge, I follow the instructions set in MacGPG's web site. If or
when something goes wrong, I ask questions, get answers (most of the
time), and try to remedy. Call that confidence? I don't know.
I only know it has worked till now, including GnuPG 2.0.2
Charly
From rjh at sixdemonbag.org Wed Mar 7 18:50:50 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 7 Mar 2007 11:50:50 -0600
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com>
References:
<45EE9DCD.6020000@py-soft.co.uk>
<9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
<3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com>
Message-ID: <9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> Why isn't this application packaged like normal OS X apps in an
> application bundle? Why the Unix(Linux) bundling and installing?
Usually, these "normal" OS X apps are Cocoa apps. If it has a nifty-
keen GUI on it, odds are good that it's a Cocoa app and is thus
packaged as a .app. But otherwise, odds are good that it's a regular
UNIX utility and will be packaged like a regular UNIX utility.
For instance, the Apple Developer Tools are packaged both like .apps
and like regular UNIX utilities. XCode is a Cocoa app, and as such,
it's packaged as a .app. But Apple's C compiler is a regular UNIX
utility, and as such, it's packaged as /usr/bin/gcc.
From dshaw at jabberwocky.com Wed Mar 7 19:08:52 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 7 Mar 2007 13:08:52 -0500
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <45EEF7FD.8040200@mac.com>
References:
<45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch>
<45EEF7FD.8040200@mac.com>
Message-ID: <20070307180852.GA26993@jabberwocky.com>
On Wed, Mar 07, 2007 at 07:35:57PM +0200, Charly Avital wrote:
> Sascha Welter wrote the following on 3/7/07 4:11 PM:
> > (Wed, Mar 07, 2007 at 12:55:28PM +0200) Charly Avital wrote/schrieb/egrapse:
> >> I can't remember whether or which security problems 1.4.1 comported, but
> >> you will find complementary information in that site.
> >
> > Since we've just had a security related update to 1.4.6 and a security
> > related update to 1.4.7, I'd be hesitant to use or recommend 1.4.1.
>
> Quite, but later versions of gnupg, as far as I have read, are not
> compatible with OS X 10.3.9.
Do you mean binary releases from somewhere or building your own? If
you're building your own, this is not the case, or at least, should
not be the case. If compiling 1.4.7 on Panther doesn't work, report
it as a bug. I will fix it.
David
From shavital at mac.com Wed Mar 7 21:21:22 2007
From: shavital at mac.com (Charly Avital)
Date: Wed, 07 Mar 2007 22:21:22 +0200
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <20070307180852.GA26993@jabberwocky.com>
References:
<45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch>
<45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com>
Message-ID: <45EF1EC2.4010404@mac.com>
David Shaw wrote the following on 3/7/07 8:08 PM:
[...]
> Do you mean binary releases from somewhere or building your own? If
> you're building your own, this is not the case, or at least, should
> not be the case. If compiling 1.4.7 on Panther doesn't work, report
> it as a bug. I will fix it.
>
> David
Maybe I misunderstood the indications in .
I shall try to compile 1.4.7 on Panther (not just right now), and report
back.
Charly
From breen.mullins at gmail.com Wed Mar 7 21:32:33 2007
From: breen.mullins at gmail.com (Breen Mullins)
Date: Wed, 7 Mar 2007 12:32:33 -0800
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <20070307180852.GA26993@jabberwocky.com>
References:
<45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch>
<45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com>
Message-ID:
On 3/7/07, David Shaw wrote:
>
> Do you mean binary releases from somewhere or building your own? If
> you're building your own, this is not the case, or at least, should
> not be the case. If compiling 1.4.7 on Panther doesn't work, report
> it as a bug. I will fix it.
It worked for me. I didn't report success because I didn't think it
was an issue.
Breen
--
Breen Mullins
Menlo Park, Calif.
From benjamin at py-soft.co.uk Thu Mar 8 00:03:00 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 07 Mar 2007 23:03:00 +0000
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com>
References:
<45EE9DCD.6020000@py-soft.co.uk>
<9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
<3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com>
<9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org>
<8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com>
Message-ID: <45EF44A4.20508@py-soft.co.uk>
Ryan R. LaMothe wrote:
> How difficult would it be to package this application as a .app
> bundle instead of all over the filesystem like the typical Unix
> application (which makes installing/uninstalling/upgrading a pita)?
There's nothing stopping you doing it and making the result available to
all.
Ben
From benjamin at py-soft.co.uk Thu Mar 8 00:05:09 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 07 Mar 2007 23:05:09 +0000
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <45EF1EC2.4010404@mac.com>
References: <45EE9A20.8050009@mac.com>
<20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com>
<20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com>
Message-ID: <45EF4525.90304@py-soft.co.uk>
Charly Avital wrote:
> Maybe I misunderstood the indications in .
My understanding is that the macgpg team decided to stop supporting old
versions of Mac OS.
However, the recent version of gnupg should (touch wood!) compile from
source without any (real) problems.
Ben
From benjamin at py-soft.co.uk Thu Mar 8 00:12:22 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 07 Mar 2007 23:12:22 +0000
Subject: 1.4.7 packages for OS X
In-Reply-To: <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
References:
<45EE9DCD.6020000@py-soft.co.uk>
<9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
Message-ID: <45EF46D6.40406@py-soft.co.uk>
Robert J. Hansen wrote:
> I updated the packages (very slightly) to install into /usr/local,
> instead of /usr.
Um, macgpg should install to /usr/local.
> Warning: these packages still have not been extensively tested.
I haven't had chance to look at them yet. When I get time I'll finish
out the macgpg packaging instructions, which includes details on
universal binaries.
Take care,
Ben
From dshaw at jabberwocky.com Thu Mar 8 00:21:47 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 7 Mar 2007 18:21:47 -0500
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <45EF4525.90304@py-soft.co.uk>
References:
<45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch>
<45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com>
<45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk>
Message-ID: <20070307232147.GC26993@jabberwocky.com>
On Wed, Mar 07, 2007 at 11:05:09PM +0000, Benjamin Donnachie wrote:
> Charly Avital wrote:
> > Maybe I misunderstood the indications in .
>
> My understanding is that the macgpg team decided to stop supporting old
> versions of Mac OS.
>
> However, the recent version of gnupg should (touch wood!) compile from
> source without any (real) problems.
Yes indeed.
Let me reiterate: as far as I'm concerned, if the current GPG doesn't
build on a particular version of OSX, that's a bug. And I'll do my
best to fix GPG so it does build.
David
From benjamin at py-soft.co.uk Thu Mar 8 00:40:49 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Wed, 07 Mar 2007 23:40:49 +0000
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <45EF46D6.40406@py-soft.co.uk>
References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
<45EF46D6.40406@py-soft.co.uk>
Message-ID: <45EF4D81.5090907@py-soft.co.uk>
Benjamin Donnachie wrote:
>> Warning: these packages still have not been extensively tested.
> I haven't had chance to look at them yet.
I've just had a quick look at your installer and I'm afraid that it
wouldn't meet the standards set by the macgpg team. Take a look at the
documents I've sent you which should hopefully explain all.
Take care,
Ben
From benjamin at py-soft.co.uk Thu Mar 8 02:14:33 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Thu, 08 Mar 2007 01:14:33 +0000
Subject: 1.4.7 packages for OS X
In-Reply-To: <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
References:
<45EE9DCD.6020000@py-soft.co.uk>
<9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
Message-ID: <45EF6379.6040909@py-soft.co.uk>
Robert J. Hansen wrote:
> The original links still work; they point to non-IDEA-enabled builds.
> For completeness' sake, the links are all listed here:
IDEA is generally best implemented as a module. That way you don't need
to worry about any patent / copyright issues.
GnuPG 1.4.7 universal binaries from the macgpg team are now available on
the website - see http://macgpg.sourceforge.net/
Ben
From rjh at sixdemonbag.org Thu Mar 8 02:39:50 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 7 Mar 2007 19:39:50 -0600
Subject: 1.4.7 packages for OS X
In-Reply-To: <45EF6379.6040909@py-soft.co.uk>
References:
<45EE9DCD.6020000@py-soft.co.uk>
<9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
<45EF6379.6040909@py-soft.co.uk>
Message-ID: <382D8729-5643-49B5-B294-49B29D2E68C8@sixdemonbag.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> IDEA is generally best implemented as a module. That way you don't
> need
> to worry about any patent / copyright issues.
I don't see any real difference between the two, really. If it's not
legal to distribute the single binary with IDEA, then it's not legal
to distribute the module. And going the module way, you wind up
getting a large number of support requests saying "I downloaded the
module, but I still can't read IDEA traffic", since people tend not
to be all that familiar with editing gpg.conf.
I should also point out, while I'm at it, that I don't recommend
using IDEA. But the old RSA/IDEA legacy is unlikely to go away
anytime soon, not as long as there's a ton of poorly-written
anonymity software that depends on PGP 2.6.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
-----END PGP SIGNATURE-----
From shavital at mac.com Thu Mar 8 06:21:31 2007
From: shavital at mac.com (Charly Avital)
Date: Thu, 8 Mar 2007 07:21:31 +0200
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <20070307232147.GC26993@jabberwocky.com>
References: <45EE9A20.8050009@mac.com>
<20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com>
<20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com>
<45EF4525.90304@py-soft.co.uk> <20070307232147.GC26993@jabberwocky.com>
Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
At 6:21 PM -0500 3/7/07, David Shaw wrote:
[...]
>Yes indeed.
>
>Let me reiterate: as far as I'm concerned, if the current GPG doesn't
>build on a particular version of OSX, that's a bug. And I'll do my
>best to fix GPG so it does build.
>
>David
On an iMac CPU Type: PowerPC 750 (22.14) running MacOS 10.3.9 (code named
"Panther"), compiling from source with idea.c copied to 'Cipher':
- ----------------------------
./configure: [...] Version info: gnupg 1.4.7
Configured for: Darwin (powerpc-apple-darwin7.9.0).
All 27 tests passed.
% gpg --version
gpg (GnuPG) 1.4.7
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
- ---------------------------
Therefore, GnuPG 1.4.7 builds correctly under Mac OS 10.3.9.
I misunderstood the indications in MacGPG's web site.
Thank you David for your feedback.
Charly
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: GnuPG for Privacy
-----END PGP SIGNATURE-----
From benjamin at py-soft.co.uk Thu Mar 8 10:13:26 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Thu, 08 Mar 2007 09:13:26 +0000
Subject: 1.4.7 packages for OS X
In-Reply-To: <382D8729-5643-49B5-B294-49B29D2E68C8@sixdemonbag.org>
References:
<45EE9DCD.6020000@py-soft.co.uk>
<9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
<45EF6379.6040909@py-soft.co.uk>
<382D8729-5643-49B5-B294-49B29D2E68C8@sixdemonbag.org>
Message-ID: <45EFD3B6.8000005@py-soft.co.uk>
Robert J. Hansen wrote:
> I don't see any real difference between the two, really. If it's not
> legal to distribute the single binary with IDEA, then it's not legal to
> distribute the module. And going the module way, you wind up getting a
> large number of support requests saying "I downloaded the module, but I
> still can't read IDEA traffic", since people tend not to be all that
> familiar with editing gpg.conf.
Put simply, the module route ensures that any patent / copyright issues
are firmly the user's "problem". As I understand it, the licence is not
compatible with the GPL and therefore should not be distributed with GnuPG.
Ben
From wk at gnupg.org Thu Mar 8 15:36:30 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 08 Mar 2007 15:36:30 +0100
Subject: [Announce] GnuPG 2.0.3 released
Message-ID: <87tzwvvm35.fsf@wheatstone.g10code.de>
Hello!
We are pleased to announce the availability of a new stable GnuPG-2
release: Version 2.0.3
This is a bug fix release. There are also some minor enhancements.
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It can be used to encrypt data, create digital
signatures, help authenticating using Secure Shell and to provide a
framework for public key cryptography. It includes an advanced key
management facility and is compliant with the OpenPGP and S/MIME
standards.
GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.6) in that
it splits up functionality into several modules. However, both
versions may be installed alongside without any conflict. In fact,
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
included in GnuPG-2 and allows for seamless passphrase caching. The
advantage of GnuPG-1 is its smaller size and the lack of dependency on
other modules at run and build time. We will keep maintaining GnuPG-1
versions because they are very useful for small systems and for server
based applications requiring only OpenPGP support.
GnuPG is distributed under the terms of the GNU General Public License
(GPL). GnuPG-2 works best on GNU/Linux or *BSD systems.
Getting the Software
====================
Please follow the instructions found at http://www.gnupg.org/download/
or read on:
GnuPG 2.0.3 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors
can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG
is not available at ftp.gnu.org.
On the FTP server and its mirrors you should find the following files
in the *gnupg* directory:
gnupg-2.0.3.tar.bz2 (3.8M)
gnupg-2.0.3.tar.bz2.sig
GnuPG source compressed using BZIP2 and OpenPGP signature.
gnupg-2.0.3-2.0.3.diff.bz2 (29k)
A patch file to upgrade a 2.0.2 GnuPG source. The patch file
does not include updates of the language files.
Note, that we don't distribute gzip compressed tarballs.
Checking the Integrity
======================
In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:
* If you already have a trusted version of GnuPG installed, you
can simply check the supplied signature. For example to check the
signature of the file gnupg-2.0.3.tar.bz2 you would use this command:
    gpg --verify gnupg-2.0.3.tar.bz2.sig
This checks whether the signature file matches the source file.
You should see a message indicating that the signature is good and
made by that signing key. Make sure that you have the right key,
either by checking the fingerprint of that key with other sources
or by checking that the key has been signed by a trustworthy other
key. Note, that you can retrieve the signing key using the command
    finger wk ,at' g10code.com
or using a keyserver like
    gpg --recv-key 1CE0C630
The distribution key 1CE0C630 is signed by the well known key
5B0358A2. If you get a key expired message, you should retrieve a
fresh copy as the expiration date might have been prolonged.
NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!
* If you are not able to use an old version of GnuPG, you have to verify
the SHA-1 checksum. Assuming you downloaded the file
gnupg-2.0.3.tar.bz2, you would run the sha1sum command like this:
    sha1sum gnupg-2.0.3.tar.bz2
and check that the output matches the first line from the
following list:
    4680bcb96873191b331252ae40b35e39589c58ca  gnupg-2.0.3.tar.bz2
    901b8d9fe430e12c14d16365a08d50389c305f9a  gnupg-2.0.2-2.0.3.diff.bz2
What's New
===========
* By default, do not allow processing multiple plaintexts in a single
stream. Many programs that called GnuPG were assuming that GnuPG
did not permit this, and were thus not using the plaintext boundary
status tags that GnuPG provides. This change makes GnuPG reject
such messages by default which makes those programs safe again.
--allow-multiple-messages returns to the old behavior.
* New --verify-option show-primary-uid-only.
* gpgconf may now read a global configuration file to select which
options are changeable by a frontend. The new applygnupgdefaults
tool may be used by an admin to set default options for all users.
* The PIN pad of the Cherry XX44 keyboard is now supported. The
DINSIG and the NKS applications are now also aware of PIN pads.
Internationalization
====================
GnuPG comes with support for 27 languages. Due to a lot of new and
changed strings most translations are not entirely complete. The
Swedish, Turkish, German and Russian translations should be complete.
Documentation
=============
We are currently working on an installation guide to explain in more
detail how to configure the new features. As of now the chapters on
gpg-agent and gpgsm include brief information on how to set up the
whole thing. Please watch the GnuPG website for updates of the
documentation. In the meantime you may search the GnuPG mailing list
archives or ask on the gnupg-users mailing lists for advice on how to
solve problems. Many of the new features are around for several years
and thus enough public knowledge is already available. KDE's KMail is
the most prominent user of GnuPG. In fact it has been developed along
with the Kmail folks. Mutt users might want to use the configure
option "--enable-gpgme" and "set use_crypt_gpgme" in ~/.muttrc to make
use of GnuPG-2 to enable S/MIME in addition to a reworked OpenPGP
support.
The manual is also available online in HTML format at
http://www.gnupg.org/documentation/manuals/gnupg/
and as a PDF at
http://www.gnupg.org/documentation/manuals/gnupg.pdf .
Support
=======
Improving GnuPG is costly, but you can help! We are looking for
organizations that find GnuPG useful and wish to contribute back. You
can contribute by reporting bugs, improving the software, or by donating
money.
Commercial support contracts for GnuPG are available, and they help
finance continued maintenance. g10 Code GmbH, a Duesseldorf based
company owned and headed by GnuPG's principal author, is currently
funding GnuPG development. We are always looking for interesting
development projects.
A service directory is available at:
http://www.gnupg.org/service.html
Thanks
======
We have to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word or answering questions on the mailing
lists.
Happy Hacking,
The GnuPG Team (David, Marcus, Werner and all other contributors)
--
Werner Koch
The GnuPG Experts http://g10code.com
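The SHA-1 comparison described under "Checking the Integrity" in the announcement above, as an added shell example (not part of the announcement and not GnuPG project code). It matches the file by exact name in the published list, so the similarly named diff entry cannot be picked by mistake, and it fails closed when there is no entry; the function name `check_sha1` and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check a download against a published "digest  filename" list.

# The two entries published in the 2.0.3 announcement.
ANNOUNCED_SHA1='4680bcb96873191b331252ae40b35e39589c58ca  gnupg-2.0.3.tar.bz2
901b8d9fe430e12c14d16365a08d50389c305f9a  gnupg-2.0.2-2.0.3.diff.bz2'

# check_sha1 FILE LIST   (hypothetical helper name)
#   returns 0  digest of FILE equals the digest listed for its name
#           1  an entry exists but the digest differs
#           2  no usable entry, or FILE is unreadable (fail closed)
check_sha1() {
    file=$1
    list=$2
    name=$(basename "$file")

    [ -r "$file" ] || return 2

    # Exact comparison on the filename field: a substring match on
    # "gnupg-2.0.3" would also hit the diff entry.
    expected=$(printf '%s\n' "$list" |
        awk -v n="$name" '$2 == n { print tolower($1); exit }')
    [ -n "$expected" ] || return 2

    # A SHA-1 digest is exactly 40 hex characters; anything else means the
    # list was truncated or mangled in transit, so refuse to compare.
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2

    actual=$(sha1sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Usage, in the directory holding the download:
#   check_sha1 gnupg-2.0.3.tar.bz2 "$ANNOUNCED_SHA1" && echo "checksum matches"
```

The checksum list is only as trustworthy as the channel it arrived over, which is why the announcement prefers the signature check with an existing GnuPG installation.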
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
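The "What's New" item in the announcement above notes that programs calling GnuPG were not using its plaintext boundary status tags. The following added shell example (not part of the announcement and not GnuPG project code) shows the caller-side check such a frontend can make on `--status-fd` output: exactly one plaintext, one valid signature, and the expected signing fingerprint. The function name, the sample status lines and the fingerprint are constructed for the example; the tag names are those of GnuPG's status interface.

```shell
#!/bin/sh
# Added example: decide from gpg's machine-readable status lines whether a
# verified message may be presented as "signed by the expected key".

# Constructed placeholder fingerprint, not a real key.
EXAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567

# Constructed status output for one signed plaintext.
SAMPLE_STATUS_ONE='[GNUPG:] PLAINTEXT 62 1173363390 
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2007-03-08 1173363390 0 3 0 17 2 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Constructed status output for a stream carrying a second plaintext, as an
# older gpg (or one run with --allow-multiple-messages) would report it.
SAMPLE_STATUS_TWO='[GNUPG:] PLAINTEXT 62 1173363390 
[GNUPG:] PLAINTEXT 62 1173363391 
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2007-03-08 1173363390 0 3 0 17 2 00 0123456789ABCDEF0123456789ABCDEF01234567'

# check_gpg_status STATUS_TEXT EXPECTED_FPR   (hypothetical helper name)
#   returns 0 only if the status text reports exactly one PLAINTEXT, exactly
#   one VALIDSIG made by EXPECTED_FPR, and no failure or expiry tag.
check_gpg_status() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 != "[GNUPG:]"   { next }            # ignore anything that is not a status line
        $2 == "PLAINTEXT"  { plaintexts++ }    # one tag per plaintext in the stream
        $2 == "VALIDSIG"   { sigs++
                             # field after the tag: fingerprint of the signing key
                             if (toupper($3) == toupper(want)) good++ }
        # VALIDSIG can accompany an expired or revoked key, so reject these too.
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        END { exit !(plaintexts == 1 && sigs == 1 && good == 1 && !bad) }
    '
}

# Usage: capture the status lines separately from the message text, e.g.
#   gpg --status-fd 3 --verify message.asc 3>status.txt
#   check_gpg_status "$(cat status.txt)" "$EXAMPLE_FPR" || echo "do not trust output"
```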
From reynt0 at cs.albany.edu Thu Mar 8 17:59:40 2007
From: reynt0 at cs.albany.edu (reynt0)
Date: Thu, 8 Mar 2007 11:59:40 -0500 (EST)
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To:
References: <45EE9A20.8050009@mac.com>
<20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com>
<20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com>
<45EF4525.90304@py-soft.co.uk> <20070307232147.GC26993@jabberwocky.com>
Message-ID:
I apologize if I am wasting the time of some busy
and appreciated people, but I'd like to ask for
clarification:
The latest macgpg.sourceforge.net "HowTo", v4.16,
says gcc 4.0.1 is needed. That gcc seems to be
Apple-natively available only with OS 10.4, and not
installable in 10.3.9 (with reliable result) from
currently available XCode; gcc 3.3 seems to be
the highest in XCode for 10.3. So..., what gcc do
you have and how did you get it? (If the answer is
simple, and I'm stupid, that makes me happiest
because it is least trouble for me to fix.)
On Thu, 8 Mar 2007, Charly Avital wrote:
. . .
> On an iMac CPU Type: PowerPC 750 (22.14) running MacOS 10.3.9 (code named
> "Panther"), compiling from source with idea.c copied to 'Cipher':
. . .
> Therefore, GnuPG 1.4.7 builds correctly under Mac OS 10.3.9.
> I misunderstood the indications in MacGPG's web site.
. . .
From wk at gnupg.org Thu Mar 8 19:09:50 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 08 Mar 2007 19:09:50 +0100
Subject: external pinpad, gnupg, SPR532 PinPad SmartCard Reader
In-Reply-To: (Alex Mauer's message of "Mon\, 12
Feb 2007 11\:18\:31 -0600")
References: <200702111544.37742.MichaelParker@gmx.de>
<87d54faach.fsf__14086.0900086865$1171287201$gmane$org@wheatstone.g10code.de>
Message-ID: <87lki7txn5.fsf@wheatstone.g10code.de>
On Mon, 12 Feb 2007 18:18, hawke at hawkesnest.net said:
>> There is no support for PIN pads when using pcscd.
>
> Is this a limitation of pcscd or of GnuPG?
The standard for accessing pinpads using PC/SC is relatively new.
However, we won't support it in GnuPG because scdaemon is the way we
go.
Salam-Shalom,
Werner
From dshaw at jabberwocky.com Thu Mar 8 19:17:24 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 8 Mar 2007 13:17:24 -0500
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To:
References:
<45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch>
<45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com>
<45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk>
<20070307232147.GC26993@jabberwocky.com>
Message-ID: <20070308181724.GA338@jabberwocky.com>
On Thu, Mar 08, 2007 at 11:59:40AM -0500, reynt0 wrote:
> I apologize if I am wasting the time of some busy
> and appreciated people, but I'd like to ask for
> clarification:
>
> The latest macgpg.sourceforge.net "HowTo", v4.16,
> says gcc 4.0.1 is needed. That gcc seems to be
> Apple-natively available only with OS 10.4, and not
> installable in 10.3.9 (with reliable result) from
> currently available XCode; gcc 3.3 seems to be
> the highest in XCode for 10.3. So..., what gcc do
> you have and how did you get it? (If the answer is
> simple, and I'm stupid, that makes me happiest
> because it is least trouble for me to fix.)
gcc 4.0.1 is not needed to build GnuPG. You should be able to build
it with whatever version is on your Panther box.
If it doesn't work, tell me, and I'll make it work.
David
From shavital at mac.com Thu Mar 8 20:53:45 2007
From: shavital at mac.com (Charly Avital)
Date: Thu, 8 Mar 2007 21:53:45 +0200
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To:
References: <45EE9A20.8050009@mac.com>
<20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com>
<20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com>
<45EF4525.90304@py-soft.co.uk> <20070307232147.GC26993@jabberwocky.com>
Message-ID:
At 11:59 AM -0500 3/8/07, reynt0 wrote:
>I apologize if I am wasting the time of some busy
>and appreciated people, but I'd like to ask for
>clarification:
Not that busy, let's try to sort out this issue.
>
>The latest macgpg.sourceforge.net "HowTo", v4.16,
>says gcc 4.0.1 is needed.
You are right, that's what the HOWTO indicates:
-----
This document describes how to build GnuPG on Mac OS X 10.2+.
Please keep in mind that you need to have XCode 2.21 or the latest Developer
Tools with gcc 4.0.1 or later as well as the BSD Subsystem installed. Check
this by typing 'gcc -v' into the Terminal.
--------
I am not sure what happened here; maybe, and I wish to stress 'maybe' an
editing error when updating Gordon Worley's instructions.
The facts are as follows:
1. On this iMac running OS 10.3.9, I have:
Xcode 1.5, and gcc (GCC) 3.3 20030304 (Apple Computer, Inc. build 1666)
As I informed in a previous e-mail, I have compiled GnuPG 1.4.7 on this
computer, without any problem.
[...]
I have included Mr. Alexander Nouak in the distribution of this answer,
hoping he will be able to clarify this matter. I know Mr. Nouak will get
this message also via macgpg-users, and I apologize for this double posting.
Charly
From nouak at zeitform.de Fri Mar 9 15:06:31 2007
From: nouak at zeitform.de (Alexander Nouak)
Date: Fri, 9 Mar 2007 15:06:31 +0100
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To:
References:
<45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch>
<45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com>
<45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk>
<20070307232147.GC26993@jabberwocky.com>
Message-ID: <75C64B4D-68DA-4F86-9938-A5327F91434F@zeitform.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Am 08.03.2007 um 20:53 schrieb Charly Avital:
> Please keep in mind that you need to have XCode 2.21 or the latest
> Developer
> Tools with gcc 4.0.1 or later as well as the BSD Subsystem
> installed. Check
> this by typing 'gcc -v' into the Terminal.
> --------
>
> I have included Mr. Alexander Nouak in the distribution of this
> answer,
> hoping he will be able to clarify this matter. I know Mr. Nouak
> will get
> this message also via macgpg-users, and I apologize for this double
> posting.
may I kindly confirm that I am the right person to be blamed for that
and I am terribly sorry for having caused this confusion. I will
correct that as soon as possible.
It is correct that you can compile gnupg on any Mac OS X >= 10.2 with
its appropriate Developer Tools installed. To compile it on an Intel
Mac or to receive Universal Binaries you will however need to use gcc
4.0.1 or later which you may find with XCode 2.21 or in the Developer
Tools for Mac OS X 10.4
HTH
Servus
Alexander
MacGPG Project Admin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
-----END PGP SIGNATURE-----
From laurent.jumet at skynet.be Fri Mar 9 17:25:35 2007
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Fri, 09 Mar 2007 17:25:35 +0100
Subject: no-force-v3-sigs
Message-ID:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.7 (MingW32)
-----END PGP MESSAGE-----
From dshaw at jabberwocky.com Sat Mar 10 02:10:30 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 9 Mar 2007 20:10:30 -0500
Subject: no-force-v3-sigs
In-Reply-To:
References:
Message-ID: <20070310011030.GB8916@jabberwocky.com>
On Fri, Mar 09, 2007 at 05:25:35PM +0100, Laurent Jumet wrote:
> Hello !
>
> May we assume that no-force-v3-sigs is the default in 1.4.7 ?
It is not the default. It should be made the default eventually, but
it's not yet.
David
From laurent.jumet at skynet.be Sat Mar 10 05:13:23 2007
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sat, 10 Mar 2007 05:13:23 +0100
Subject: Armor bis...
Message-ID:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.7 (MingW32)
-----END PGP MESSAGE-----
From laurent.jumet at skynet.be Sat Mar 10 05:09:08 2007
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sat, 10 Mar 2007 05:09:08 +0100
Subject: Armor...
Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Hello !
If you see an armored message here, don't assume it's crypted, it's only
armored may be. Run GPG against it first, and delete after; and not the
contrary. :-)
ClearSign signatures may be altered through internet because of LineLength
and Charset translations. Armored, never.
- --
Laurent Jumet
KeyID: 0xCFAF704C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
-----END PGP SIGNATURE-----
From laurent.jumet at skynet.be Sat Mar 10 05:02:44 2007
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sat, 10 Mar 2007 05:02:44 +0100
Subject: no-force-v3-sigs
In-Reply-To: <20070310011030.GB8916@jabberwocky.com>
Message-ID:
Hello David !
David Shaw wrote:
>> May we assume that no-force-v3-sigs is the default in 1.4.7 ?
> It is not the default. It should be made the default eventually, but
> it's not yet.
I was thinking about expiration date of subkeys: should we assume that all people who stamped one were using --no-force-v3-sigs in their gpg.conf?
Is --no-force-v3-sigs enough compatible actually to be used as default?
--
Laurent Jumet
KeyID: 0xCFAF704C
From dshaw at jabberwocky.com Sat Mar 10 06:00:45 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 10 Mar 2007 00:00:45 -0500
Subject: no-force-v3-sigs
In-Reply-To:
References: <20070310011030.GB8916@jabberwocky.com>
Message-ID: <20070310050045.GC8916@jabberwocky.com>
On Sat, Mar 10, 2007 at 05:02:44AM +0100, Laurent Jumet wrote:
>
> Hello David !
>
> David Shaw wrote:
>
> >> May we assume that no-force-v3-sigs is the default in 1.4.7 ?
>
> > It is not the default. It should be made the default eventually, but
> > it's not yet.
>
> I was thinking about expiration date of subkeys: should we assume
> that all people who stamped one were using --no-force-v3-sigs in
> their gpg.conf?
Subkeys get certs, not sigs. force-v3-sigs only applies to data
signatures, and never to keys or subkeys.
> Is --no-force-v3-sigs enough compatible actually to be used as default?
Eventually.
David
From dshaw at jabberwocky.com Sat Mar 10 06:02:11 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 10 Mar 2007 00:02:11 -0500
Subject: Armor bis...
In-Reply-To:
References:
Message-ID: <20070310050211.GD8916@jabberwocky.com>
On Sat, Mar 10, 2007 at 05:13:23AM +0100, Laurent Jumet wrote:
> -----BEGIN PGP MESSAGE-----
> Version: GnuPG v1.4.7 (MingW32)
>
> -----END PGP MESSAGE-----
Please do not send messages like this. Among the various problems it
causes, it renders the list archive on the web useless, and that list
archive is important for people to find information. This is what
this looks like on the web:
http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030547.html
David
From laurent.jumet at skynet.be Sat Mar 10 09:24:57 2007
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sat, 10 Mar 2007 09:24:57 +0100
Subject: Armor bis...
In-Reply-To: <20070310050211.GD8916@jabberwocky.com>
Message-ID:
Hello David !
David Shaw wrote:
> Please do not send messages like this. Among the various problems it
> causes, it renders the list archive on the web useless, and that list
> archive is important for people to find information. This is what
> this looks like on the web:
OK.
--
Laurent Jumet
KeyID: 0xCFAF704C
From engage at n0sq.us Sat Mar 10 17:27:36 2007
From: engage at n0sq.us (engage)
Date: Sat, 10 Mar 2007 09:27:36 -0700
Subject: Armor bis...
In-Reply-To:
References:
Message-ID: <200703100927.36463.engage@n0sq.us>
Looks altered to me.
On Friday 09 March 2007 21:13, Laurent Jumet wrote:
> Hello !
>
> If you see an armored message here, don't assume it's crypted, it's
> only armored may be. Run GPG against it first, and delete after; and
> not the contrary. :-)
> ClearSign signatures may be altered through internet because of
> LineLength and Charset translations. Armored, never.
>
> --
> Laurent Jumet
> KeyID: 0xCFAF704C
>
From bahamut at madhatt.com Sat Mar 10 22:18:18 2007
From: bahamut at madhatt.com (Andrew Berg)
Date: Sat, 10 Mar 2007 15:18:18 -0600
Subject: no-force-v3-sigs
In-Reply-To:
References:
Message-ID: <45F3209A.8020705@madhatt.com>
Laurent Jumet wrote:
> Hello Andrew !
>
> Andrew Berg wrote:
>
>
>> No one can read messages if you encrypt them to another's key. ;)
>
> It's not encrypted, only armored !
> ClearSign signatures not always work, charset problems I suppose.
>
> Before deciding you can't read a file, just run GPG against it and see.
>
How was I to know?
(I always forget that gnupg-users messages show the original sender and
not gnupg-users at gnupg.org or gnupg-users-bounces at gnupg.org as the sender)
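The question argued in this thread, whether an armored block is encrypted or only armored, can be settled by looking at the packets. The following added example (not code from any poster or from GnuPG) strips the armor, verifies the CRC24 that detects text altered in transit, and reports the packet layers; all function names and both sample messages are constructed for illustration.

```python
import base64
import bz2
import zlib

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB   # RFC 4880, section 6.1
MAX_OUT = 65536                                 # cap on decompressed bytes inspected

def crc24(data: bytes) -> int:
    """Checksum carried on the '=XXXX' line of an armored block."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(binary: bytes) -> str:
    b64 = base64.b64encode(binary).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(binary).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP MESSAGE-----", "", *lines, "=" + check,
                      "-----END PGP MESSAGE-----", ""])

def dearmor(text: str) -> bytes:
    """Return the binary payload; raise ValueError if the text was altered."""
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines)
             if ln.startswith(("-----BEGIN PGP ", "-----END PGP "))]
    if len(marks) < 2:
        raise ValueError("no complete armor block found")
    # Armor headers ("Version: ...") contain ':', which base64 never does.
    body = [ln for ln in lines[marks[0] + 1:marks[1]] if ln and ":" not in ln]
    has_crc = bool(body) and body[-1].startswith("=") and len(body[-1]) == 5
    check = body.pop() if has_crc else None
    data = base64.b64decode("".join(body), validate=True)
    if check and crc24(data) != int.from_bytes(base64.b64decode(check[1:]), "big"):
        raise ValueError("armor CRC24 mismatch: the text was altered in transit")
    return data

def split_packet(data: bytes):
    """Return (tag, body) of the first OpenPGP packet (RFC 4880, section 4.2)."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    first = data[0]
    if first & 0x40:                            # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            start, length = 2, l0
        elif l0 < 224:
            start, length = 3, ((l0 - 192) << 8) + data[2] + 192
        elif l0 == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:                                   # partial body: not reassembled here
            start, length = 2, None
    else:                                       # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:                          # indeterminate: body runs to the end
            start, length = 1, None
        else:
            n = 1 << ltype
            start, length = 1 + n, int.from_bytes(data[1:1 + n], "big")
    return tag, data[start:] if length is None else data[start:start + length]

ENCRYPTED_TAGS = {1, 3, 9, 18}   # PKESK, SKESK, encrypted data, encrypted + MDC
PLAIN_TAGS = {2: "signature", 4: "one-pass signature", 11: "literal data"}
INFLATE = {
    0: ("uncompressed", lambda d: d),
    1: ("ZIP", lambda d: zlib.decompressobj(-15).decompress(d, MAX_OUT)),
    2: ("ZLIB", lambda d: zlib.decompressobj().decompress(d, MAX_OUT)),
    3: ("BZip2", lambda d: bz2.BZ2Decompressor().decompress(d, MAX_OUT)),
}

def classify(armored: str) -> list:
    """List the layers of an armored message, outermost first."""
    data, layers = dearmor(armored), []
    for _ in range(4):                          # bound nesting of compressed packets
        tag, body = split_packet(data)
        if tag in ENCRYPTED_TAGS:
            return layers + ["encrypted"]
        if tag != 8 or not body or body[0] not in INFLATE:
            return layers + [PLAIN_TAGS.get(tag, f"packet tag {tag}")]
        name, inflate = INFLATE[body[0]]
        layers.append(f"compressed ({name})")
        data = inflate(body[1:])
    return layers

def sample_compressed() -> str:
    """Constructed sample: armored, compressed, not encrypted."""
    body = b"b" + b"\x00" + b"\x00" * 4 + b"hello list\n"   # binary, no name, no date
    literal = bytes([0xCB, len(body)]) + body                # new-format tag 11
    deflate = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = deflate.compress(literal) + deflate.flush()
    return armor(bytes([0xA3, 1]) + packed)   # old-format tag 8, indeterminate, ZIP

def sample_encrypted() -> str:
    """Constructed sample: only the header of a tag 1 packet, dummy body."""
    return armor(bytes([0xC1, 4]) + b"\x03\x00\x00\x00")

if __name__ == "__main__":
    print(classify(sample_compressed()))
    print(classify(sample_encrypted()))
```

Against a real message, `gpg --list-packets` reports the same layering with full detail.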
From jharris at widomaker.com Sun Mar 11 00:43:31 2007
From: jharris at widomaker.com (Jason Harris)
Date: Sat, 10 Mar 2007 18:43:31 -0500
Subject: new (2007-03-04) keyanalyze results (+sigcheck)
Message-ID: <20070310234331.GA21271@wilma.widomaker.com>
New keyanalyze results are available at:
http://keyserver.kjsl.com/~jharris/ka/2007-03-04/
Signatures are now being checked using keyanalyze+sigcheck:
http://dtype.org/~aaronl/
Earlier reports are also available, for comparison:
http://keyserver.kjsl.com/~jharris/ka/
Even earlier monthly reports are at:
http://dtype.org/keyanalyze/
SHA-1 hashes and sizes for all the "permanent" files:
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
From wk at gnupg.org Mon Mar 12 13:57:38 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 12 Mar 2007 13:57:38 +0100
Subject: gpgsm and multiple messages
Message-ID: <87mz2ivcu5.fsf@wheatstone.g10code.de>
Hi,
I have been asked how the multiple messages problem, published last
week, relates to gpgsm and thus S/MIME messages.
Well, there is no problem because S/MIME is based on CMS (formerly
known as pkcs#7) and CMS is different from OpenPGP concerning the
structure of its messages:
* CMS is not packet based but a large binary block completely defined
by an ASN.1 specification. Prefixing this data with another CMS
message won't give a valid CMS message and more important, gpgsm
will only process the first of these messages.
* gpgsm needs to be called explicitly for decryption and verification
so that the caller needs to take care of passing the decrypted
message a second time to gpgsm for signature verification.
* gpgsm uses an explicit state machine for processing of CMS data and
there is no way to restart this machine to process a second message.
Shalom-Salam,
Werner
From ryan.lamothe at quantumworx.com Wed Mar 7 19:09:03 2007
From: ryan.lamothe at quantumworx.com (Ryan R. LaMothe)
Date: Wed, 7 Mar 2007 13:09:03 -0500
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org>
References:
<45EE9DCD.6020000@py-soft.co.uk>
<9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
<3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com>
<9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org>
Message-ID: <8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com>
Thank you for your reply. Although not all .app bundles are Cocoa
apps, Eclipse is a good example.
How difficult would it be to package this application as a .app
bundle instead of all over the filesystem like the typical Unix
application (which makes installing/uninstalling/upgrading a pita)?
Thanks!
On Mar 7, 2007, at 12:50 PM, Robert J. Hansen wrote:
>
>> Why isn't this application packaged like normal OS X apps in an
>> application bundle? Why the Unix(Linux) bundling and installing?
>
> Usually, these "normal" OS X apps are Cocoa apps. If it has a
> nifty-keen GUI on it, odds are good that it's a Cocoa app and is
> thus packaged as a .app. But otherwise, odds are good that it's a
> regular UNIX utility and will be packaged like a regular UNIX utility.
>
> For instance, the Apple Developer Tools are packaged both
> like .apps and like regular UNIX utilities. Xcode is a Cocoa app,
> and as such, it's packaged as a .app. But Apple's C compiler is a
> regular UNIX utility, and as such, it's packaged as /usr/bin/gcc.
>
>
From ryan.lamothe at quantumworx.com Wed Mar 7 18:36:51 2007
From: ryan.lamothe at quantumworx.com (Ryan R. LaMothe)
Date: Wed, 7 Mar 2007 12:36:51 -0500
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
References:
<45EE9DCD.6020000@py-soft.co.uk>
<9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
Message-ID: <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com>
Why isn't this application packaged like normal OS X apps in an
application bundle? Why the Unix(Linux) bundling and installing?
On Mar 7, 2007, at 12:29 PM, Robert J. Hansen wrote:
>
>> I've packaged up 1.4.5 and 1.4.6 and was looking at getting 1.4.7
>> done
>> asap, but you may have saved me the trouble! :)
>
> Thank you for being gracious. :)
>
> I updated the packages (very slightly) to install into /usr/local,
> instead of /usr. It seems to be a tradeoff--while I know a few OS X
> users who have (for reasons inscrutable to me) elected to remove /usr/
> local from their PATH, there are a fair number of OS X crypto apps
> hardwired to expect it in /usr/local. Mulberry, GPGMail, etc.
>
> The original links still work; they point to non-IDEA-enabled
> builds. For completeness' sake, the links are all listed here:
>
> http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC-IDEA.dmg
> http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg
> http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386-IDEA.dmg
> http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg
>
> Signatures are available at:
>
> http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC-IDEA.dmg.asc
> http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg.asc
> http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386-IDEA.dmg.asc
> http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg.asc
>
> Warning: these packages still have not been extensively tested.
>
>
From ryan.lamothe at quantumworx.com Thu Mar 8 00:24:00 2007
From: ryan.lamothe at quantumworx.com (Ryan R. LaMothe)
Date: Wed, 7 Mar 2007 18:24:00 -0500
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To: <45EF44A4.20508@py-soft.co.uk>
References:
<45EE9DCD.6020000@py-soft.co.uk>
<9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
<3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com>
<9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org>
<8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com>
<45EF44A4.20508@py-soft.co.uk>
Message-ID:
It's not a matter of "why not do it yourself" but a matter of "why
isn't it being done" kind of question.
A graphical installer and uninstaller for the entire suite would be
nice. Maybe I will find time to work on it, maybe someone else can too.
It is the same kind of question I ask the Mono and MonoDevelop
people, who not only did not write MonoDevelop using Windows Forms
(they used GTK), but an installation of "MonoDevelop for OS X"
requires a plethora of Fink/DarwinPorts Linux libs installed in order
to even begin using the entire package. But that is another story
for another list.
On Mar 7, 2007, at 6:03 PM, Benjamin Donnachie wrote:
> Ryan R. LaMothe wrote:
>> How difficult would it be to package this application as a .app
>> bundle instead of all over the filesystem like the typical Unix
>> application (which makes installing/uninstalling/upgrading a pita)?
>
> There's nothing stopping you doing it and making the result
> available to
> all.
>
> Ben
>
From jbruni at mac.com Mon Mar 12 20:48:36 2007
From: jbruni at mac.com (Joseph Oreste Bruni)
Date: Mon, 12 Mar 2007 12:48:36 -0700
Subject: [Macgpg-users] 1.4.7 packages for OS X
In-Reply-To:
References:
<45EE9DCD.6020000@py-soft.co.uk>
<9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org>
<3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com>
<9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org>
<8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com>
<45EF44A4.20508@py-soft.co.uk>
Message-ID: <11726E4D-4FB9-466F-9ABD-8F9E0B26EDDD@mac.com>
It wouldn't make sense to try to package GPG using a .app bundle
since GPG itself will most often be used from the command line. As
such, you would need to update your PATH environment variable to
include a deep reference to something like "/Applications/GnuPG/
Content/MacOS/gpg" instead of the normal location for user-installed
tools (/usr/local). In addition, if you did run it by double-clicking
what would that give you since there is no graphical user interface
and using the tool is done via command-line options?
If you really need a GUI to use GPG, try installing one of the
many interfaces referenced from http://macgpg.sourceforge.net/. Those
are packaged as .app bundles and make sense to run via the Finder.
-Joe
PS: I noticed this message thread was being cross-posted to both
macgpg-users and gnupg-users. I'm not sure that's good etiquette, but
I'm replying to both for continuity.
On Mar 7, 2007, at 4:24 PM, Ryan R. LaMothe wrote:
> It's not a matter of "why not do it yourself" but a matter of "why
> isn't it being done" kind of question.
>
> A graphical installer and uninstaller for the entire suite would be
> nice. Maybe I will find time to work on it, maybe someone else can
> too.
>
> It is the same kind of question I ask the Mono and MonoDevelop
> people, who not only did not write MonoDevelop using Windows Forms
> (they used GTK), but an installation of "MonoDevelop for OS X"
> requires a plethora of Fink/DarwinPorts Linux libs installed in order
> to even begin using the entire package. But that is another story
> for another list.
>
>
> On Mar 7, 2007, at 6:03 PM, Benjamin Donnachie wrote:
>
>> Ryan R. LaMothe wrote:
>>> How difficult would it be to package this application as a .app
>>> bundle instead of all over the filesystem like the typical Unix
>>> application (which makes installing/uninstalling/upgrading a pita)?
>>
>> There's nothing stopping you doing it and making the result
>> available to
>> all.
>>
>> Ben
>>
From j.lysdal at gmail.com Mon Mar 12 23:47:37 2007
From: j.lysdal at gmail.com (Jørgen Christiansen Lysdal)
Date: Mon, 12 Mar 2007 23:47:37 +0100
Subject: display bug
Message-ID: <45F5D889.6000402@gmail.com>
When I verify a data signature, isn't gpg supposed to show the
keyserver URL with the result when I have "verify-options
show-keyserver-urls" in gpg.conf?
--
Jørgen Ch. Lysdal
From svt at teris.de Tue Mar 13 03:39:30 2007
From: svt at teris.de (Sebsatian von Thadden)
Date: Tue, 13 Mar 2007 03:39:30 +0100
Subject: GnuPG incompatible with windows-vista ?
Message-ID: <45F60EE2.4080809@teris.de>
Hi,
today I've made some tests with gnupg and vista.
Everything works fine, but the moment gnupg has to communicate with
any external keyserver, I get this result:
gpg: searching for "svt at teris.de" from hkp server subkeys.pgp.net
gpgkeys: this keyserver type only supports key retrieval
gpg: keyserver communications error: Dateilesefehler
gpg: Suche auf dem Schlüsselserver fehlgeschlagen: Dateilesefehler
When using the --debug all option, I get the same output (the first line is
the config-dir, the rest is the same).
This error comes very fast. GnuPG does not search for hostnames or any
other external resource.
During these tests, the firewall was disabled.
The same commands on a WinXP system work correctly.
Can somebody verify this problem, or does anybody know how I can solve it?
I know some people here hate Vista, me too, but as a software developer I
have to use it... :-(
Thanks
Bye,
Sebastian
From dshaw at jabberwocky.com Tue Mar 13 05:13:36 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 13 Mar 2007 00:13:36 -0400
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <45F60EE2.4080809@teris.de>
References: <45F60EE2.4080809@teris.de>
Message-ID: <20070313041336.GB24706@jabberwocky.com>
On Tue, Mar 13, 2007 at 03:39:30AM +0100, Sebsatian von Thadden wrote:
> Hi,
>
> today I've made some tests with gnupg and vista.
>
> Everything works fine, but the moment gnupg has to communicate with
> any external keyserver, I get this result:
>
> gpg: searching for "svt at teris.de" from hkp server subkeys.pgp.net
> gpgkeys: this keyserver type only supports key retrieval
> gpg: keyserver communications error: Dateilesefehler
> gpg: Suche auf dem Schlüsselserver fehlgeschlagen: Dateilesefehler
>
> When using the --debug all option, I get the same output (the first line is
> the config-dir, the rest is the same).
>
> This error comes very fast. GnuPG does not search for hostnames or any
> other external resource.
>
> During these tests, the firewall was disabled.
>
> The same commands on a WinXP system work correctly.
>
> Can somebody verify this problem, or does anybody know how I can solve it?
You are either missing gpgkeys_hkp.exe or GPG can't find it (not in
your path).
David
From dshaw at jabberwocky.com Tue Mar 13 05:02:18 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 13 Mar 2007 00:02:18 -0400
Subject: display bug
In-Reply-To: <45F5D889.6000402@gmail.com>
References: <45F5D889.6000402@gmail.com>
Message-ID: <20070313040218.GA24706@jabberwocky.com>
On Mon, Mar 12, 2007 at 11:47:37PM +0100, Jørgen Christiansen Lysdal wrote:
> When I verify a data signature, isn't gpg supposed to show the
> keyserver URL with the result when I have "verify-options
> show-keyserver-urls" in gpg.conf?
If there is a keyserver URL in the signature.
David
From j.lysdal at gmail.com Tue Mar 13 13:37:13 2007
From: j.lysdal at gmail.com (Jørgen Lysdal)
Date: Tue, 13 Mar 2007 13:37:13 +0100
Subject: display bug
In-Reply-To: <20070313040218.GA24706@jabberwocky.com>
References: <45F5D889.6000402@gmail.com>
<20070313040218.GA24706@jabberwocky.com>
Message-ID: <9afe34fe0703130537m5f95ea53oe452278fed738027@mail.gmail.com>
2007/3/13, David Shaw :
>
> If there is a keyserver URL in the signature.
>
> David
Argh, I thought it was meant to display the keyserver URL from the public
key used to verify the signature. Didn't know I could store a
keyserver URL with a signature, but it makes sense.
--
Jørgen Ch. Lysdal
From svt at teris.de Tue Mar 13 13:44:29 2007
From: svt at teris.de (Sebsatian von Thadden)
Date: Tue, 13 Mar 2007 13:44:29 +0100
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <20070313041336.GB24706@jabberwocky.com>
References: <45F60EE2.4080809@teris.de>
<20070313041336.GB24706@jabberwocky.com>
Message-ID: <45F69CAD.7080308@teris.de>
Hi David,
>
> You are either missing gpgkeys_hkp.exe or GPG can't find it (not in
> your path).
>
The gpgkeys_hkp.exe is in the same directory as the other files. Here is
my directory-listing:
13.03.2007 02:40 Doc
13.03.2007 02:40 gnupg.nls
05.03.2007 11:53 865.792 gpg.exe
05.03.2007 11:53 59.392 gpgkeys_curl.exe
05.03.2007 11:53 51.712 gpgkeys_finger.exe
05.03.2007 11:53 63.488 gpgkeys_hkp.exe
05.03.2007 11:53 33.280 gpgkeys_ldap.exe
05.03.2007 11:53 107.520 gpgsplit.exe
05.03.2007 11:53 371.200 gpgv.exe
14.01.2004 01:56 892.928 iconv.dll
13.03.2007 02:40 Src
13.03.2007 02:40 70.380 uninst-gnupg.exe
Can I set the path to this file in the config-file or set any
global_system_var to help gpg to find this file ?
Thanks
Bye,
Sebastian
From j.lysdal at gmail.com Tue Mar 13 13:42:03 2007
From: j.lysdal at gmail.com (Jørgen Lysdal)
Date: Tue, 13 Mar 2007 13:42:03 +0100
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <20070313041336.GB24706@jabberwocky.com>
References: <45F60EE2.4080809@teris.de>
<20070313041336.GB24706@jabberwocky.com>
Message-ID: <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com>
2007/3/13, David Shaw :
> You are either missing gpgkeys_hkp.exe or GPG can't find it (not in
> your path).
>
> David
>
Anyway, even if gpg can find it, it will still not work. Gives me a
"socket error" something..
The message flashes for a very short time so I don't have enough time
to read the rest of it.
--
Jørgen Ch. Lysdal
From dshaw at jabberwocky.com Tue Mar 13 14:36:48 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 13 Mar 2007 09:36:48 -0400
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com>
References: <45F60EE2.4080809@teris.de>
<20070313041336.GB24706@jabberwocky.com>
<9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com>
Message-ID: <20070313133648.GB28721@jabberwocky.com>
On Tue, Mar 13, 2007 at 01:42:03PM +0100, Jørgen Lysdal wrote:
> 2007/3/13, David Shaw :
>
> > You are either missing gpgkeys_hkp.exe or GPG can't find it (not in
> > your path).
> >
> > David
> >
>
> Anyway, even if gpg can find it, it will still not work. Gives me a
> "socket error" something..
> The message flashes for a very short time so I don't have enough time
> to read the rest of it.
What did you do so GPG would find it?
David
From dshaw at jabberwocky.com Tue Mar 13 14:29:35 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 13 Mar 2007 09:29:35 -0400
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <45F69CAD.7080308@teris.de>
References: <45F60EE2.4080809@teris.de>
<20070313041336.GB24706@jabberwocky.com>
<45F69CAD.7080308@teris.de>
Message-ID: <20070313132935.GA28721@jabberwocky.com>
On Tue, Mar 13, 2007 at 01:44:29PM +0100, Sebsatian von Thadden wrote:
> Hi David,
>
> >
> > You are either missing gpgkeys_hkp.exe or GPG can't find it (not in
> > your path).
> >
>
> The gpgkeys_hkp.exe is in the same directory as the other files. Here is
> my directory-listing:
>
> 13.03.2007 02:40 Doc
> 13.03.2007 02:40 gnupg.nls
> 05.03.2007 11:53 865.792 gpg.exe
> 05.03.2007 11:53 59.392 gpgkeys_curl.exe
> 05.03.2007 11:53 51.712 gpgkeys_finger.exe
> 05.03.2007 11:53 63.488 gpgkeys_hkp.exe
> 05.03.2007 11:53 33.280 gpgkeys_ldap.exe
> 05.03.2007 11:53 107.520 gpgsplit.exe
> 05.03.2007 11:53 371.200 gpgv.exe
> 14.01.2004 01:56 892.928 iconv.dll
> 13.03.2007 02:40 Src
> 13.03.2007 02:40 70.380 uninst-gnupg.exe
>
>
> Can I set the path to this file in the config-file or set any
> global_system_var to help gpg to find this file ?
Interesting that GPG was able to find gpgkeys_curl.exe but not
gpgkeys_hkp.exe. Hmm. What version of GPG is this?
Can you send the output of your keyserver request with "--debug 1024"
added?
David
From j.lysdal at gmail.com Tue Mar 13 16:27:31 2007
From: j.lysdal at gmail.com (Jørgen Christiansen Lysdal)
Date: Tue, 13 Mar 2007 16:27:31 +0100
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <20070313133648.GB28721@jabberwocky.com>
References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com>
<20070313133648.GB28721@jabberwocky.com>
Message-ID: <45F6C2E3.9040404@gmail.com>
David Shaw skrev:
>
> What did you do so GPG would find it?
>
> David
>
Hmm, didn't do anything.. Maybe it is because I have User Account
Control turned off?
From svt at teris.de Tue Mar 13 17:54:18 2007
From: svt at teris.de (Sebsatian von Thadden)
Date: Tue, 13 Mar 2007 17:54:18 +0100
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <20070313132935.GA28721@jabberwocky.com>
References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de>
<20070313132935.GA28721@jabberwocky.com>
Message-ID: <45F6D73A.7020601@teris.de>
Hi David,
here is the output of
gpg --debug 1024 --search-key --keyserver subkeys.pgp.net test"
gpg: Optionen werden aus 'C:/Users/Sebsatian/AppData/Roaming/gnupg\gpg.conf' gelesen
gpg: DBG: expanding string "C:\gnupg\gpgkeys_curl.exe -o "%O" "%I""
gpg: DBG: args expanded to "C:\gnupg\gpgkeys_curl.exe -o "C:\Users\SEBSAT~1\AppData\Local\Temp\gpg-53654A\tempout.txt" "C:\Users\SEBSAT~1\AppData\Local\Temp\gpg-53654A\tempin.txt"", use 1, keep 1
gpg: DBG: using temp file `C:\Users\SEBSAT~1\AppData\Local\Temp\gpg-53654A\tempin.txt'
gpg: searching for "test" from hkp server subkeys.pgp.net
gpg: DBG: system() command is C:\gnupg\gpgkeys_curl.exe -o "C:\Users\SEBSAT~1\AppData\Local\Temp\gpg-53654A\tempout.txt" "C:\Users\SEBSAT~1\AppData\Local\Temp\gpg-53654A\tempin.txt"
gpgkeys: this keyserver type only supports key retrieval
gpg: keyserver communications error: Dateilesefehler
gpg: Suche auf dem Schlüsselserver fehlgeschlagen: Dateilesefehler
secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/32768
I set this in config
keyserver-options keep-temp-files to keep the files:
tempin.txt
-->
# This is a GnuPG 1.4.7 keyserver communications file
VERSION 1
PROGRAM 1.4.7
SCHEME hkp
HOST subkeys.pgp.net
PATH /
COMMAND SEARCH
test
-->
tempout.txt is empty (0bytes)
I hope you can help.
Bye,
Sebastian
David Shaw schrieb:
> On Tue, Mar 13, 2007 at 01:44:29PM +0100, Sebsatian von Thadden wrote:
>> Hi David,
>>
>>> You are either missing gpgkeys_hkp.exe or GPG can't find it (not in
>>> your path).
>>>
>> The gpgkeys_hkp.exe is in the same directory as the other files. Here is
>> my directory-listing:
>>
>> 13.03.2007 02:40 Doc
>> 13.03.2007 02:40 gnupg.nls
>> 05.03.2007 11:53 865.792 gpg.exe
>> 05.03.2007 11:53 59.392 gpgkeys_curl.exe
>> 05.03.2007 11:53 51.712 gpgkeys_finger.exe
>> 05.03.2007 11:53 63.488 gpgkeys_hkp.exe
>> 05.03.2007 11:53 33.280 gpgkeys_ldap.exe
>> 05.03.2007 11:53 107.520 gpgsplit.exe
>> 05.03.2007 11:53 371.200 gpgv.exe
>> 14.01.2004 01:56 892.928 iconv.dll
>> 13.03.2007 02:40 Src
>> 13.03.2007 02:40 70.380 uninst-gnupg.exe
>>
>>
>> Can I set the path to this file in the config-file or set any
>> global_system_var to help gpg to find this file ?
>
> Interesting that GPG was able to find gpgkeys_curl.exe but not
> gpgkeys_hkp.exe. Hmm. What version of GPG is this?
>
> Can you send the output of your keyserver request with "--debug 1024"
> added?
>
> David
>
From bahamut at madhatt.com Tue Mar 13 18:12:58 2007
From: bahamut at madhatt.com (Andrew Berg)
Date: Tue, 13 Mar 2007 11:12:58 -0600
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <45F6C2E3.9040404@gmail.com>
References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> <20070313133648.GB28721@jabberwocky.com>
<45F6C2E3.9040404@gmail.com>
Message-ID: <45F6DB9A.3030300@madhatt.com>
I think that this problem came up before, and that one has to rename
gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I
can't remember).
From dshaw at jabberwocky.com Tue Mar 13 19:35:04 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 13 Mar 2007 14:35:04 -0400
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <45F6D73A.7020601@teris.de>
References: <45F60EE2.4080809@teris.de>
<20070313041336.GB24706@jabberwocky.com>
<45F69CAD.7080308@teris.de>
<20070313132935.GA28721@jabberwocky.com>
<45F6D73A.7020601@teris.de>
Message-ID: <20070313183504.GB29210@jabberwocky.com>
On Tue, Mar 13, 2007 at 05:54:18PM +0100, Sebsatian von Thadden wrote:
> Hi David,
>
> here is the output of
>
> gpg --debug 1024 --search-key --keyserver subkeys.pgp.net test"
>
> gpg: Optionen werden aus
> 'C:/Users/Sebsatian/AppData/Roaming/gnupg\gpg.conf' gel
> esen
> gpg: DBG: expanding string "C:\gnupg\gpgkeys_curl.exe -o "%O" "%I""
Interesting. Can you tell me the settings of these values in config.h
when you compiled:
HAVE_DRIVE_LETTERS
DISABLE_KEYSERVER_PATH
HAVE_W32_SYSTEM
Also, do note that I don't think anyone has done a strong check of the
random number code on Vista yet, so be warned about that. I'm just
debugging the keyserver access stuff here.
David
From j.lysdal at gmail.com Tue Mar 13 19:49:17 2007
From: j.lysdal at gmail.com (Jørgen Christiansen Lysdal)
Date: Tue, 13 Mar 2007 19:49:17 +0100
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <45F6DB9A.3030300@madhatt.com>
References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> <20070313133648.GB28721@jabberwocky.com> <45F6C2E3.9040404@gmail.com>
<45F6DB9A.3030300@madhatt.com>
Message-ID: <45F6F22D.8010007@gmail.com>
Andrew Berg skrev:
> I think that this problem came up before, and that one has to rename
> gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I
> can't remember).
Renaming gpgkeys_hkp.exe to gpgkeys_curl.exe seems to be working.
Thanks for the tip.
What is the difference between the two?
From dshaw at jabberwocky.com Tue Mar 13 19:59:31 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 13 Mar 2007 14:59:31 -0400
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <45F6DB9A.3030300@madhatt.com>
References: <45F60EE2.4080809@teris.de>
<20070313041336.GB24706@jabberwocky.com>
<9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com>
<20070313133648.GB28721@jabberwocky.com>
<45F6C2E3.9040404@gmail.com> <45F6DB9A.3030300@madhatt.com>
Message-ID: <20070313185931.GC29210@jabberwocky.com>
On Tue, Mar 13, 2007 at 11:12:58AM -0600, Andrew Berg wrote:
> I think that this problem came up before, and that one has to rename
> gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I
> can't remember).
This will fix HKP, but remove the ability to use HTTP. Better to fix
the bug here.
David
From rjh at sixdemonbag.org Tue Mar 13 20:51:56 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 13 Mar 2007 14:51:56 -0500
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <20070313183504.GB29210@jabberwocky.com>
References: <45F60EE2.4080809@teris.de>
<20070313041336.GB24706@jabberwocky.com>
<45F69CAD.7080308@teris.de>
<20070313132935.GA28721@jabberwocky.com>
<45F6D73A.7020601@teris.de>
<20070313183504.GB29210@jabberwocky.com>
Message-ID: <920C1548-A4C8-45F7-90E5-CFC91FE8B95A@sixdemonbag.org>
> Interesting. Can you tell me the settings of these values in config.h
> when you compiled:
For what it's worth, Vista appears to have major problems with any
program which depends on there being a libexec prefix. Whenever
using a program that uses libexec helper programs, you're going to
have problems--at least, I always did.
I had Vista installed for a few weeks (work-related development) and
ultimately said to hell with it, based on the incredible difficulties
I faced in getting Cygwin, MinGW, GnuPG, etc., to work.
For an example of this affecting MinGW, please see:
http://www.qtforum.org/article/19748/QT-422-Opensource-on-Vista.html
... For now, I think it would be prudent to say that GnuPG on Vista
is unsupported and not recommended.
From dshaw at jabberwocky.com Tue Mar 13 21:12:56 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 13 Mar 2007 16:12:56 -0400
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <920C1548-A4C8-45F7-90E5-CFC91FE8B95A@sixdemonbag.org>
References: <45F60EE2.4080809@teris.de>
<20070313041336.GB24706@jabberwocky.com>
<45F69CAD.7080308@teris.de>
<20070313132935.GA28721@jabberwocky.com>
<45F6D73A.7020601@teris.de>
<20070313183504.GB29210@jabberwocky.com>
<920C1548-A4C8-45F7-90E5-CFC91FE8B95A@sixdemonbag.org>
Message-ID: <20070313201256.GD29210@jabberwocky.com>
On Tue, Mar 13, 2007 at 02:51:56PM -0500, Robert J. Hansen wrote:
> > Interesting. Can you tell me the settings of these values in config.h
> > when you compiled:
>
> For what it's worth, Vista appears to have major problems with any
> program which depends on there being a libexec prefix. Whenever
> using a program that uses libexec helper programs, you're going to
> have problems--at least, I always did.
>
> I had Vista installed for a few weeks (work-related development) and
> ultimately said to hell with it, based on the incredible difficulties
> I faced in getting Cygwin, MinGW, GnuPG, etc., to work.
>
> For an example of this affecting MinGW, please see:
>
> http://www.qtforum.org/article/19748/QT-422-Opensource-on-Vista.html
>
>
>
> ... For now, I think it would be prudent to say that GnuPG on Vista
> is unsupported and not recommended.
I don't disagree, but we're going to have to get this working on Vista
eventually. The only way it's going to get supported and usable is to
fix the problems.
David
From svt at teris.de Tue Mar 13 22:34:23 2007
From: svt at teris.de (Sebsatian von Thadden)
Date: Tue, 13 Mar 2007 22:34:23 +0100
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <20070313183504.GB29210@jabberwocky.com>
References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> <45F6D73A.7020601@teris.de>
<20070313183504.GB29210@jabberwocky.com>
Message-ID: <45F718DF.9000408@teris.de>
Hi David,
> Interesting. Can you tell me the settings of these values in config.h
> when you compiled:
>
> HAVE_DRIVE_LETTERS
> DISABLE_KEYSERVER_PATH
> HAVE_W32_SYSTEM
>
> Also, do note that I don't think anyone has done a strong check of the
> random number code on Vista yet, so be warned about that. I'm just
> debugging the keyserver access stuff here.
>
I don't have any environment on this system to compile gnupg. So I can't
tell you this information.
Bye,
Sebastian
From dshaw at jabberwocky.com Tue Mar 13 22:46:14 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 13 Mar 2007 17:46:14 -0400
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <45F718DF.9000408@teris.de>
References: <45F60EE2.4080809@teris.de>
<20070313041336.GB24706@jabberwocky.com>
<45F69CAD.7080308@teris.de>
<20070313132935.GA28721@jabberwocky.com>
<45F6D73A.7020601@teris.de>
<20070313183504.GB29210@jabberwocky.com>
<45F718DF.9000408@teris.de>
Message-ID: <20070313214614.GE29210@jabberwocky.com>
On Tue, Mar 13, 2007 at 10:34:23PM +0100, Sebsatian von Thadden wrote:
> Hi David,
>
> > Interesting. Can you tell me the settings of these values in config.h
> > when you compiled:
> >
> > HAVE_DRIVE_LETTERS
> > DISABLE_KEYSERVER_PATH
> > HAVE_W32_SYSTEM
> >
> > Also, do note that I don't think anyone has done a strong check of the
> > random number code on Vista yet, so be warned about that. I'm just
> > debugging the keyserver access stuff here.
> >
>
> I don't have any environment on this system to compile gnupg. So I can't
> tell you this information.
Oh, you're using the precompiled Windows binary.
David
From svt at teris.de Tue Mar 13 22:46:58 2007
From: svt at teris.de (Sebsatian von Thadden)
Date: Tue, 13 Mar 2007 22:46:58 +0100
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <45F6F22D.8010007@gmail.com>
References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> <20070313133648.GB28721@jabberwocky.com> <45F6C2E3.9040404@gmail.com> <45F6DB9A.3030300@madhatt.com>
<45F6F22D.8010007@gmail.com>
Message-ID: <45F71BD2.1040308@teris.de>
Hi Jørgen,
> Renaming gpgkeys_hkp.exe to gpgkeys_curl.exe seems to be working.
> Thanks for the tip.
> What is the difference between the two?
yes, it seems to work for me.
But I hope I can help to fix the problem completely. In the next month
there will be thousands of users with new hardware, where vista is
preinstalled.
Bye,
Sebastian
From svt at teris.de Tue Mar 13 22:53:00 2007
From: svt at teris.de (Sebsatian von Thadden)
Date: Tue, 13 Mar 2007 22:53:00 +0100
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <20070313214614.GE29210@jabberwocky.com>
References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> <45F6D73A.7020601@teris.de> <20070313183504.GB29210@jabberwocky.com> <45F718DF.9000408@teris.de>
<20070313214614.GE29210@jabberwocky.com>
Message-ID: <45F71D3C.4060302@teris.de>
Hi,
> Oh, you're using the precompiled Windows binary.
I hope I'm not the noob of the year, but yes, I've just downloaded the
1.4.7 and installed it.
Bye,
Sebastian
From hhhobbit at securemecca.net Wed Mar 14 00:50:29 2007
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Tue, 13 Mar 2007 17:50:29 -0600
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To:
References:
Message-ID: <45F738C5.1080708@securemecca.net>
David Shaw wrote:
>
> On Tue, Mar 13, 2007 at 11:12:58AM -0600, Andrew Berg wrote:
>
>>>I think that this problem came up before, and that one has to rename
>>>gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I
>>can't remember).
>
>
> This will fix HKP, but remove the ability to use HTTP. Better to
> fix the bug here.
I don't know whether that is so much of a bug as a %PATH% problem.
Try adding the following to your %PATH% variable:
REM ADD THIS TO YOUR %PATH% HKLM entry (copy & paste):
;%ProgramFiles%\GNU\GnuPG
Getting to where to do it (just hope Vista is same):
Start -> Control Panel -> System (double click)
{Advanced} (tab)
[Environment Variables] (button)
Select PATH in the System variables and tack the addition suggested
on to the end of it and see if that works. The fine points of these
instructions go for W2K, XP, and 2003 Server. Vista may have
changed how to get to things. It will NOT change the fact that
adding stuff to the %PATH% cures LOTS of problems.
If you do that, and the problem still isn't fixed, THEN we have a bug.
A lot of people have been saying this or that won't work with Vista.
The appropriate additions to the %PATH% or the setting of other
environment variables usually fixes their problem. OTOH, I haven't
seen their changes to the Registry. I am still using REG4 *.reg
files (which will work up through 2003 Server) if that tells you
anything.
HHH
From me at psmay.com Tue Mar 13 23:41:36 2007
From: me at psmay.com (Peter S. May)
Date: Tue, 13 Mar 2007 18:41:36 -0400
Subject: gpgsm doesn't recognize certs are related to secret keys
Message-ID: <45F728A0.4010002@psmay.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
(This message is a dupe of one sent earlier under the wrong address;
admins, please deny the previous version.)
I've extracted some Thawte and CAcert keys and certs from my browser and
imported them into gpgsm (from gnupg-2.0.3, with it and all of its
dependencies downloaded and compiled in their latest versions over the
weekend). ls -l ~/.gnupg/private-keys-v1.d/ lists the three private
keys that I imported, and all of the corresponding certs show up in
--list-keys:
$ gpgsm --list-keys psmay
/home/psmay/.gnupg/pubring.kbx
----------------------------
Serial number: 067A86EB7BA000EF5E6F6341D8070D7E
Issuer: /CN=Thawte Personal Freemail Issuing CA/O=Thawte
Consulting (Pty) Ltd./C=ZA
Subject: /CN=Peter Samuel May/EMail=psmay at halfgeek.org/GN=Peter
Samuel/SN=May
aka: psmay at halfgeek.org
validity: 2006-10-09 18:39:01 through 2007-10-09 18:39:01
key type: 2048 bit RSA
fingerprint: 96:D2:E8:44:1D:7B:31:8B:C8:CC:07:ED:E3:A0:C2:73:41:A3:56:E9
Serial number: 02C4AD
Issuer: /CN=CA Cert Signing
Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org
Subject: /EMail=me at psmay.com/EMail=psmay at halfgeek.org
aka: psmay at halfgeek.org
aka: me at psmay.com
validity: 2006-10-12 14:24:50 through 2007-10-12 14:24:50
key type: 2048 bit RSA
fingerprint: 43:F3:E6:0B:1B:25:4E:BA:3A:69:DA:56:8E:F8:35:08:CD:4B:A7:52
Serial number: 02C5B0
Issuer: /CN=CA Cert Signing
Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org
Subject: /CN=Peter Samuel
May/EMail=me at psmay.com/EMail=psmay at halfgeek.org
aka: psmay at halfgeek.org
aka: me at psmay.com
validity: 2006-10-13 05:52:09 through 2007-10-13 05:52:09
key type: 2048 bit RSA
fingerprint: 26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8
(The CAs' certs also show up when I don't qualify this with my name.)
However, it doesn't seem to realize that it has the secret keys for
these certs:
$ gpgsm --list-secret-keys
/home/psmay/.gnupg/pubring.kbx
----------------------------
$
And since it doesn't, I also can't use the private keys:
$ gpgsm --local-user 26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8 --sign somefile
gpgsm: can't sign using `26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8': No secret key
Anyone have any ideas?
Thanks
PSM
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF9yieei6R+3iF2vwRCsVGAKCLrGNyodcF8MkKdfdp7z/F/CsjJACfZFOM
ayzMVgX+QgKbz1p0UqgBjTk=
=JhYa
-----END PGP SIGNATURE-----
From dshaw at jabberwocky.com Wed Mar 14 03:41:29 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 13 Mar 2007 22:41:29 -0400
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <20070314015211.GB30707@jabberwocky.com>
References:
<45F738C5.1080708@securemecca.net>
<20070314015211.GB30707@jabberwocky.com>
Message-ID: <20070314024129.GC30707@jabberwocky.com>
On Tue, Mar 13, 2007 at 09:52:11PM -0400, David Shaw wrote:
> On Tue, Mar 13, 2007 at 05:50:29PM -0600, Henry Hertz Hobbit wrote:
> > David Shaw wrote:
> > >
> > > On Tue, Mar 13, 2007 at 11:12:58AM -0600, Andrew Berg wrote:
> > >
> > >>>I think that this problem came up before, and that one has to rename
> > >>>gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I
> > >>can't remember).
> > >
> > >
> > > This will fix HKP, but remove the ability to use HTTP. Better to
> > > fix the bug here.
> >
> > I don't know whether that is so much of a bug as a %PATH% problem.
> > Try adding the following to your %PATH% variable:
>
> I doubt this is a path problem. gpgkeys_hkp.exe and gpgkeys_curl.exe
> are in the same directory. If it was a path problem, both wouldn't
> work.
>
> It's an access() problem. I'm not sure exactly what I want to do
> about it though.
If anyone is building on Vista (or building elsewhere but using it on
Vista), try this patch.
David
-------------- next part --------------
Index: keyserver.c
===================================================================
--- keyserver.c (revision 4459)
+++ keyserver.c (working copy)
@@ -41,6 +41,14 @@
#include "keyserver-internal.h"
#include "util.h"
+#ifdef HAVE_W32_SYSTEM
+/* It seems Vista doesn't grok X_OK and so fails access() tests.
+ Previous versions interpreted X_OK as F_OK anyway, so we'll just
+ use F_OK directly. */
+#undef X_OK
+#define X_OK F_OK
+#endif /* HAVE_W32_SYSTEM */
+
struct keyrec
{
KEYDB_SEARCH_DESC desc;
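Review bot: The `#undef X_OK` / `#define X_OK F_OK` pair, placed right after the `util.h` include, changes the meaning of X_OK for every use in keyserver.c on all HAVE_W32_SYSTEM builds, not only on Vista, so any access() test in this file that asked "is this executable?" now only asks "does this exist?". A helper that exists but cannot be run would then pass the check and fail only when it is launched, so the launch path has to report that failure clearly. Consider a file-local name instead, for example `#define KEYSERVER_X_OK F_OK` under the same #ifdef with X_OK as the #else value, used at the call site; that leaves the system macro untouched and shows the intent where the check is made. The comment is also worth tightening: "Previous versions" does not say previous versions of what (Windows or the C runtime).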
From lfittl at ubuntu.com Wed Mar 14 02:26:52 2007
From: lfittl at ubuntu.com (Lukas Fittl)
Date: Wed, 14 Mar 2007 02:26:52 +0100
Subject: Pinpad problem with SCM SPR532
Message-ID: <1173835612.4606.9.camel@tenjin>
I recently bought an SCM SPR532 for testing purposes, and "gpg
--card-status" works (without pcscd running), but when pinentry asks me
to enter the PIN on the pinpad (tested with decryption, signing, and
verify pin) it gives the following error in the log file of scdaemon, in
the case of signing:
2007-03-14 02:20:11 scdaemon[4455] DBG: send apdu: c=00 i=CA p0=00 p1=7A
lc=-1 le=256
2007-03-14 02:20:11 scdaemon[4455] DBG: APDU_data: 00 CA 00 7A 00
2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending 6F 09 00 00
00 00 11 04 00 00 00 40 05 00 CA 00 7A 00 F5
2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: status: 00 error:
00 octet[9]: 04
data: 00 40 07 93 03 00 04 69 90 00 2A
2007-03-14 02:20:11 scdaemon[4455] DBG: response: sw=9000 datalen=5
2007-03-14 02:20:11 scdaemon[4455] DBG: dump: 93 03 00 04 69
2007-03-14 02:20:11 scdaemon[4455] signatures created so far: 1129
2007-03-14 02:20:11 scdaemon[4455] DBG: prompting for keypad entry '||
Please enter your PIN at the reader's keypad%0A[sigs done: 1129]'
2007-03-14 02:20:11 scdaemon[4455] DBG: send apdu: c=00 i=20 p0=00 p1=81
lc=0 le=-1
2007-03-14 02:20:11 scdaemon[4455] DBG: APDU_data: 00 20 00 81 00
2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending escape
sequence to switch to a case 1 APDU
2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending 6B 03 00 00
00 00 12 00 00 00 80 02 00
2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: status: 00 error:
00 octet[9]: 00
data:
2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending 69 13 00 00
00 00 13 00 00 00 00 00 82 00 00 19 06 02 FF 04 09 00 00 00 00 00 20 00
81
2007-03-14 02:20:16 scdaemon[4455] DBG: ccid-driver: status: 40 error:
EF octet[9]: 00
data:
2007-03-14 02:20:16 scdaemon[4455] DBG: ccid-driver: CCID command
failed: PIN cancelled
2007-03-14 02:20:16 scdaemon[4455] ccid_transceive failed: (0x1000d)
2007-03-14 02:20:16 scdaemon[4455] apdu_send_simple(0) failed: aborted
2007-03-14 02:20:16 scdaemon[4455] DBG: dismiss keypad entry prompt
2007-03-14 02:20:16 scdaemon[4455] verify CHV1 failed: Operation
cancelled
2007-03-14 02:20:16 scdaemon[4455] operation sign result: Operation
cancelled
2007-03-14 02:20:16 scdaemon[4455] card_sign failed: Operation cancelled
gpg output:
gpg: sending command `SCD PKSIGN' to agent failed: ec=6.99
gpg: signing failed: general error
gpg: file.txt: clearsign failed: general error
gpg version is 1.4.6, gpg2 version is 2.0.3, OS is Debian on i386.
Full scdaemon.log can be found at
http://www.ixios-software.com/~lfittl/misc/scdaemon.log
Thanks,
Lukas
--
Lukas Fittl
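The CCID traffic in the log above can be decoded field by field. The following is an added example, not part of the original message and not GnuPG code: a small decoder for the "ccid-driver: sending" and "status" lines, with message and error names taken from the USB CCID specification. It assumes that the XfrBlock payload is a single T=1 block, which the LRC check confirms for the logged line; all function names are illustrative.

```python
import re
import struct

# Lines copied from the scdaemon log in the message above; the mail
# client's line wraps are re-joined so that each entry sits on one line.
LOG = """\
2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending 6F 09 00 00 00 00 11 04 00 00 00 40 05 00 CA 00 7A 00 F5
2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending 6B 03 00 00 00 00 12 00 00 00 80 02 00
2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: status: 00 error: 00 octet[9]: 00
2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending 69 13 00 00 00 00 13 00 00 00 00 00 82 00 00 19 06 02 FF 04 09 00 00 00 00 00 20 00 81
2007-03-14 02:20:16 scdaemon[4455] DBG: ccid-driver: status: 40 error: EF octet[9]: 00
"""

# Names follow the USB CCID specification; only the values needed here.
MSG_TYPES = {0x6F: "PC_to_RDR_XfrBlock", 0x6B: "PC_to_RDR_Escape",
             0x69: "PC_to_RDR_Secure"}
CMD_STATUS = {0: "ok", 1: "failed", 2: "time extension"}
ICC_STATUS = {0: "present, active", 1: "present, inactive", 2: "absent"}
SLOT_ERRORS = {0xEF: "PIN_CANCELLED", 0xF0: "PIN_TIMEOUT", 0xFE: "ICC_MUTE"}

SEND_RE = re.compile(r"ccid-driver: sending ((?:[0-9A-F]{2} ?)+)$")
STATUS_RE = re.compile(r"ccid-driver: status: ([0-9A-F]{2}) error: ([0-9A-F]{2})")


def parse_header(raw):
    """Split a host-to-reader CCID message into header fields and payload."""
    if len(raw) < 10:
        raise ValueError("CCID message shorter than its 10-byte header")
    mtype, length, slot, seq = struct.unpack_from("<BIBB", raw, 0)
    payload = raw[10:]
    if length != len(payload):
        raise ValueError(f"dwLength={length}, but {len(payload)} payload bytes")
    return {"type": MSG_TYPES.get(mtype, f"0x{mtype:02X}"), "slot": slot,
            "seq": seq, "specific": raw[7:10], "payload": payload}


def parse_t1_block(block):
    """Read an XfrBlock payload as a T=1 block (NAD PCB LEN INF LRC).

    Assumption: the payload holds exactly one T=1 block.
    """
    if len(block) < 4 or len(block) != block[2] + 4:
        raise ValueError("payload is not a single T=1 block")
    lrc = 0
    for byte in block[:-1]:          # LRC is the XOR of all preceding bytes
        lrc ^= byte
    return {"nad": block[0], "pcb": block[1], "inf": block[3:-1],
            "lrc_ok": lrc == block[-1]}


def parse_pin_verify(payload):
    """Decode the PIN verification structure of a PC_to_RDR_Secure message."""
    if len(payload) < 15 or payload[0] != 0x00:
        raise ValueError("not a PIN verification request")
    (timeout, _fmt, _block, _lenfmt, max_extra,
     validation, _nmsg, _lang, _msgidx) = struct.unpack_from("<BBBBHBBHB", payload, 1)
    return {"timeout_s": timeout,
            "min_digits": max_extra >> 8, "max_digits": max_extra & 0xFF,
            "validate_on_key": bool(validation & 0x02),
            "teo_prologue": payload[12:15],
            "apdu": payload[15:]}     # command header only, no PIN digits


def decode_status(status, error):
    """Interpret bStatus/bError of a reader response as logged by ccid-driver."""
    cmd, icc = (status >> 6) & 0x03, status & 0x03
    return {"command": CMD_STATUS.get(cmd, "reserved"),
            "card": ICC_STATUS.get(icc, "reserved"),
            # bError is only an error code when the command failed
            "error": SLOT_ERRORS.get(error, f"0x{error:02X}") if cmd == 1 else None}


def decode_log(text):
    """Return ('send', msg) and ('status', result) events in log order."""
    events = []
    for line in text.splitlines():
        sent = SEND_RE.search(line)
        if sent:
            msg = parse_header(bytes.fromhex(sent.group(1)))
            if msg["type"] == "PC_to_RDR_XfrBlock":
                msg["t1"] = parse_t1_block(msg["payload"])
            elif msg["type"] == "PC_to_RDR_Secure":
                msg["pin"] = parse_pin_verify(msg["payload"])
            events.append(("send", msg))
            continue
        status = STATUS_RE.search(line)
        if status:
            events.append(("status", decode_status(int(status.group(1), 16),
                                                   int(status.group(2), 16))))
    return events


if __name__ == "__main__":
    for kind, event in decode_log(LOG):
        print(kind, event)
```

The decoded Secure message carries only the four-byte VERIFY header 00 20 00 81 and a PIN length range of 6 to 25 digits; the PIN itself is typed on the reader and never appears in the host log. The failure is the reader's own answer (command failed, PIN_CANCELLED) five seconds later, not an error returned by the card.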
From dshaw at jabberwocky.com Wed Mar 14 02:52:11 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 13 Mar 2007 21:52:11 -0400
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <45F738C5.1080708@securemecca.net>
References:
<45F738C5.1080708@securemecca.net>
Message-ID: <20070314015211.GB30707@jabberwocky.com>
On Tue, Mar 13, 2007 at 05:50:29PM -0600, Henry Hertz Hobbit wrote:
> David Shaw wrote:
> >
> > On Tue, Mar 13, 2007 at 11:12:58AM -0600, Andrew Berg wrote:
> >
> >>>I think that this problem came up before, and that one has to rename
> >>>gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I
> >>can't remember).
> >
> >
> > This will fix HKP, but remove the ability to use HTTP. Better to
> > fix the bug here.
>
> I don't know whether that is so much of a bug as a %PATH% problem.
> Try adding the following to your %PATH% variable:
I doubt this is a path problem. gpgkeys_hkp.exe and gpgkeys_curl.exe
are in the same directory. If it was a path problem, both wouldn't
work.
It's an access() problem. I'm not sure exactly what I want to do
about it though.
David
From svt at teris.de Wed Mar 14 04:46:26 2007
From: svt at teris.de (Sebsatian von Thadden)
Date: Wed, 14 Mar 2007 04:46:26 +0100
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <45F738C5.1080708@securemecca.net>
References:
<45F738C5.1080708@securemecca.net>
Message-ID: <45F77012.2080000@teris.de>
Hi Henry,
> REM ADD THIS TO YOUR %PATH% HKLM entry (copy & paste):
>
> ;%ProgramFiles%\GNU\GnuPG
>
> Getting to where to do it (just hope Vista is same):
>
> Start -> Control Panel -> System (double click)
> {Advanced} (tab)
> [Environment Variables] (button)
>
> Select PATH in the System variables and tack the addition suggested
> on to the end of it and see if that works. The fine points of these
> instructions go for W2K, XP, and 2003 Server. Vista may have
> changed how to get to things. It will NOT change the fact that
> adding stuff to the %PATH% cures LOTS of problems.
>
> If you do that, and the problem still isn't fixed, THEN we have a bug.
> A lot of people have been saying this or that won't work with Vista.
> The appropriate additions to the %PATH% or the setting of other
> environment variables usually fixes their problem. OTOH, I haven't
> seen their changes to the Registry. I am still using REG4 *.reg
> files (which will work up through 2003 Server) if that tells you
> anything.
>
I had already added the gnupg-directory to my path-variables and I've
tested it. The path-variable works correctly.
I think gpg can find the program correctly, because
"gpg: DBG: system() command is C:\gnupg\gpgkeys_curl.exe"
is in the output. I've installed gpg in this dir to test whether the
vista-roaming-function causes problems (the auto-roaming of vista
only works in system-dirs like program_files or windows, but not in other
dirs on a partition).
To analyse the problem, I've tried to change the props of the exe-files
in vista:
Run as admin, win2000 compatibility, winxpSP2 compatibility... All of
these props don't have any positive effect.
Thanks for your idea!
Bye,
Sebastian
From svt at teris.de Wed Mar 14 05:03:28 2007
From: svt at teris.de (Sebsatian von Thadden)
Date: Wed, 14 Mar 2007 05:03:28 +0100
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <20070314024129.GC30707@jabberwocky.com>
References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com>
<20070314024129.GC30707@jabberwocky.com>
Message-ID: <45F77410.4090008@teris.de>
Hi David,
I can't build it now, because I don't have the software installed to
build it.
If you know a website, where I can find out, how to build the package, I
will try it.
I've some experience in building packages like apache, php... on a linux
system. Under windows, I've never built anything. - But, I can learn it:-)
> If anyone is building on Vista (or building elsewhere but using it on
> Vista), try this patch.
Thanks a lot for your very fast work. I hope, you and the gpg-community
can solve it.
Bye,
Sebastian
From jmoore3rd at bellsouth.net Wed Mar 14 05:57:04 2007
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Wed, 14 Mar 2007 00:57:04 -0400
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <45F77410.4090008@teris.de>
References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> <20070314024129.GC30707@jabberwocky.com>
<45F77410.4090008@teris.de>
Message-ID: <45F780A0.6000606@bellsouth.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Sebsatian von Thadden wrote:
> Under windows, I've never built anything. - But, I can learn it:-)
>
>
>> If anyone is building on Vista (or building elsewhere but using it on
>> Vista), try this patch.
>
> Thanks a lot for your very fast work. I hope, you and the gpg-community
> can solve it.
I cannot guarantee a Vista Build; but I am going to send You an Invite
to My Y! Group where Compiling is discussed and assisted. This would
also be an excellent Forum in which to discuss Your desires and receive
some assistance from those who have gone before. :)
JOHN 8-)
Timestamp: Wednesday 14 Mar 2007, 00:55 --400 (Eastern Daylight Time)
From rjh at sixdemonbag.org Wed Mar 14 05:47:35 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 13 Mar 2007 23:47:35 -0500
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <45F77410.4090008@teris.de>
References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com>
<20070314024129.GC30707@jabberwocky.com>
<45F77410.4090008@teris.de>
Message-ID:
> I can't build it now, because, I don't have installed the software to
> build it.
The software needed to build it doesn't exist for Vista. Either
Cygwin or the MinGW compilers are needed, and neither of them work
with Vista at this point. (MinGW fails with the same problem that's
afflicting GnuPG, it appears.)
It's possible to build trivial apps with Cygwin/MinGW on Vista. It's
not possible to do serious work.
For now, the only real solution is to cross-compile for Vista or else
mangle the GnuPG source enough to make it work with MSVC2005.
Neither solution appears optimal.
> If you know a website, where I can find out, how to build the
> package, I
> will try it.
I think John Moore's the go-to guy for building GnuPG on Windows XP.
I don't know if he has any insights into compiling GnuPG on Vista,
however.
From wk at gnupg.org Wed Mar 14 09:05:28 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 14 Mar 2007 09:05:28 +0100
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <20070314024129.GC30707@jabberwocky.com> (David Shaw's message of
"Tue\, 13 Mar 2007 22\:41\:29 -0400")
References:
<45F738C5.1080708@securemecca.net>
<20070314015211.GB30707@jabberwocky.com>
<20070314024129.GC30707@jabberwocky.com>
Message-ID: <873b48jlmf.fsf@wheatstone.g10code.de>
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : /pipermail/attachments/20070314/9de3a1ad/attachment.pgp
From wk at gnupg.org Wed Mar 14 09:20:27 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 14 Mar 2007 09:20:27 +0100
Subject: gpgsm doesn't recognize certs are related to secret keys
In-Reply-To: <45F728A0.4010002@psmay.com> (Peter S. May's message of "Tue\, 13
Mar 2007 18\:41\:36 -0400")
References: <45F728A0.4010002@psmay.com>
Message-ID: <87y7m0i6d0.fsf@wheatstone.g10code.de>
On Tue, 13 Mar 2007 23:41, me at psmay.com said:
>
> $ gpgsm --list-secret-keys
> /home/psmay/.gnupg/pubring.kbx
> ----------------------------
> $
There might be a problem with the gpg-agent. Make sure that gpg-agent
is running and add
verbose
debug 1024
log-file /for/bar/agent.log
to gpg-agent.conf. Give a running gpg-agent a HUP or start it again.
You may also use
gpg-agent --daemon sh
and do your test within this shell. You should see lines like
DBG: ERR 67108881 No secret key
DBG: OK
No OK lines? Run
gpgsm --dump-keys
which will show you the keygrip. The keygrip is what you see in the
gpg-agent requests and they are also the basenames of the files below
private-keys-v1.d/
Salam-Shalom,
Werner
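The keygrip check described in the message above can be scripted. This is an added example, not part of the original message and not GnuPG code: it reads keygrips from text laid out like `gpgsm --dump-keys` output and compares them with the file basenames in a private-keys-v1.d directory. The field labels in the sample, the `.key` file suffix and all function names are assumptions; the sample records are constructed.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample laid out like `gpgsm --dump-keys` output (the field
# labels are an assumption); IDs, names and keygrips are made up.
SAMPLE_DUMP = """\
           ID: 0x01234567
      Subject: CN=Constructed User One
      keygrip: 0123456789ABCDEF0123456789ABCDEF01234567
           ID: 0x89ABCDEF
      Subject: CN=Constructed User Two
      keygrip: FEDCBA9876543210FEDCBA9876543210FEDCBA98
"""

FIELD_RE = re.compile(r"^\s*(ID|Subject|keygrip):\s*(.+?)\s*$")


def parse_dump(text):
    """Return one {'id', 'subject', 'keygrip'} dict per certificate record."""
    certs, current = [], None
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if not match:
            continue
        name, value = match.groups()
        if name == "ID":                      # an ID line opens a new record
            current = {"id": value, "subject": None, "keygrip": None}
            certs.append(current)
        elif current is not None:
            current[name.lower()] = value.upper() if name == "keygrip" else value
    return certs


def keygrips_on_disk(key_dir):
    """Keygrips for which a private key file exists (assumed name: <keygrip>.key)."""
    return {p.stem.upper() for p in Path(key_dir).glob("*.key")
            if re.fullmatch(r"[0-9A-Fa-f]{40}", p.stem)}


def audit(dump_text, key_dir):
    """Split certificates into usable / missing key, and list orphan key files."""
    on_disk = keygrips_on_disk(key_dir)
    certs = parse_dump(dump_text)
    usable = [c for c in certs if c["keygrip"] in on_disk]
    missing = [c for c in certs if c["keygrip"] not in on_disk]
    orphans = sorted(on_disk - {c["keygrip"] for c in certs})
    return usable, missing, orphans


def demo():
    """Run the audit against a throwaway directory standing in for private-keys-v1.d."""
    with tempfile.TemporaryDirectory() as key_dir:
        # One key that matches a certificate, one that matches none (constructed).
        for grip in ("0123456789ABCDEF0123456789ABCDEF01234567",
                     "00112233445566778899AABBCCDDEEFF00112233"):
            (Path(key_dir) / f"{grip}.key").write_bytes(b"")
        return audit(SAMPLE_DUMP, key_dir)


if __name__ == "__main__":
    usable, missing, orphans = demo()
    for cert in usable:
        print("secret key present:", cert["id"], cert["subject"])
    for cert in missing:
        print("NO secret key file:", cert["id"], cert["subject"])
    for grip in orphans:
        print("key file without certificate:", grip)
```

If every certificate has a matching key file and --list-secret-keys is still empty, the files are not the problem and the agent connection is the next thing to look at.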
From wk at gnupg.org Wed Mar 14 09:31:35 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 14 Mar 2007 09:31:35 +0100
Subject: Pinpad problem with SCM SPR532
In-Reply-To: <1173835612.4606.9.camel@tenjin> (Lukas Fittl's message of "Wed\,
14 Mar 2007 02\:26\:52 +0100")
References: <1173835612.4606.9.camel@tenjin>
Message-ID: <87tzwoi5ug.fsf@wheatstone.g10code.de>
On Wed, 14 Mar 2007 02:26, lfittl at ubuntu.com said:
> I recently bought an SCM SPR532 for testing purposes, and "gpg
> --card-status" works (without pcscd running), but when pinentry asks me
> to enter the PIN on the pinpad (tested with decryption, signing, and
> verify pin) it gives the following error in the log file of scdaemon, in
I can confirm that there is a regression. Currently checking what I
did wrong.
Shalom-Salam,
Werner
From wk at gnupg.org Wed Mar 14 10:28:55 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 14 Mar 2007 10:28:55 +0100
Subject: Pinpad problem with SCM SPR532
In-Reply-To: <1173835612.4606.9.camel@tenjin> (Lukas Fittl's message of "Wed\,
14 Mar 2007 02\:26\:52 +0100")
References: <1173835612.4606.9.camel@tenjin>
Message-ID: <87ps7ci36w.fsf@wheatstone.g10code.de>
Hi,
It does not seem to be a regression. After connecting the reader and
running scdaemon as:
gpg-agent --daemon sh
gpgsm --edit-key
I entered the command "verify" and got the same error as you. Then I
stopped scdaemon (exit from the shell) and ran the same commands
again. Now it works. However the right LED (enter pin) keeps lit
after the PIN has been entered.
Thus there is something wrong with the internal state of the reader.
I can't recall whether I noticed that in the past. This needs further
investigation.
As a workaround I would kill scdaemon so that gpg-agent starts a new
one - which should then work as described above.
[tracked as bug 773]
Salam-Shalom,
Werner
From patrick at mozilla-enigmail.org Wed Mar 14 09:33:43 2007
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Wed, 14 Mar 2007 09:33:43 +0100
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <873b48jlmf.fsf__28062.0411308066$1173860404$gmane$org@wheatstone.g10code.de>
References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> <20070314024129.GC30707@jabberwocky.com>
<873b48jlmf.fsf__28062.0411308066$1173860404$gmane$org@wheatstone.g10code.de>
Message-ID: <45F7B367.3060309@mozilla-enigmail.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Werner Koch wrote:
> On Wed, 14 Mar 2007 03:41, dshaw at jabberwocky.com said:
>
>> If anyone is building on Vista (or building elsewhere but using it on
>> Vista), try this patch.
>
> I have built a version with that patch. The upx packed gpg.exe binary
> is available at:
>
> ftp://ftp.g10code.com/g10code/scratch/gpg.exe
>
> $ sha1sum gpg.exe
> 9dbde44dc9275e2b4918839c7a789040dda0a64b gpg.exe
I happen to have a Vista installation. I tried to download and upload
keys from hkp servers -- the patched version of gpg is working fine here :-)
-Patrick
From svt at teris.de Wed Mar 14 12:54:27 2007
From: svt at teris.de (Sebsatian von Thadden)
Date: Wed, 14 Mar 2007 12:54:27 +0100
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <873b48jlmf.fsf@wheatstone.g10code.de>
References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> <20070314024129.GC30707@jabberwocky.com>
<873b48jlmf.fsf@wheatstone.g10code.de>
Message-ID: <45F7E273.30601@teris.de>
Hi,
> ftp://ftp.g10code.com/g10code/scratch/gpg.exe
>
> $ sha1sum gpg.exe
> 9dbde44dc9275e2b4918839c7a789040dda0a64b gpg.exe
it seems it works perfectly!
Thanks a lot!
Bye,
Sebastian
From dshaw at jabberwocky.com Wed Mar 14 13:40:34 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 14 Mar 2007 08:40:34 -0400
Subject: GnuPG incompatible with windows-vista ?
In-Reply-To: <873b48jlmf.fsf@wheatstone.g10code.de>
References:
<45F738C5.1080708@securemecca.net>
<20070314015211.GB30707@jabberwocky.com>
<20070314024129.GC30707@jabberwocky.com>
<873b48jlmf.fsf@wheatstone.g10code.de>
Message-ID: <20070314124034.GA2338@jabberwocky.com>
On Wed, Mar 14, 2007 at 09:05:28AM +0100, Werner Koch wrote:
> On Wed, 14 Mar 2007 03:41, dshaw at jabberwocky.com said:
>
> > If anyone is building on Vista (or building elsewhere but using it on
> > Vista), try this patch.
>
> I have built a version with that patch. The upx packed gpg.exe binary
> is available at:
>
> ftp://ftp.g10code.com/g10code/scratch/gpg.exe
>
> $ sha1sum gpg.exe
> 9dbde44dc9275e2b4918839c7a789040dda0a64b gpg.exe
Thanks for building this. It looks good, so I'll commit the patch for
the next releases.
David
From me at psmay.com Wed Mar 14 14:52:52 2007
From: me at psmay.com (Peter S. May)
Date: Wed, 14 Mar 2007 09:52:52 -0400
Subject: gpgsm doesn't recognize certs are related to secret keys)
In-Reply-To: <87y7m0i6d0.fsf@wheatstone.g10code.de>
References: <45F728A0.4010002@psmay.com> <87y7m0i6d0.fsf@wheatstone.g10code.de>
Message-ID: <45F7FE34.3030603@psmay.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On the one hand, yes, it was a gpg-agent problem. It turned out that
seahorse-daemon was running and screwing up the whole thing.
--list-secret-keys started working once I unset GPG_AGENT_INFO. It
still complained that there was no gpg-agent running, though. Does
gpgsm require a gpg-agent running? I don't recall gpg2 requiring it.
Anyway, I got a gpg-agent up and running and tried again. This is what
happened:
$ gpgsm --sign somefile
dirmngr[4522]: error opening `/home/psmay/.gnupg/dirmngr_ldapservers.conf': No such file or directory
dirmngr[4522]: permanently loaded certificates: 0
dirmngr[4522]: runtime cached certificates: 0
dirmngr[4522]: no CRL available for issuer id
dirmngr[4522]: crl_fetch via issuer failed: Configuration error
dirmngr[4522]: command ISVALID failed: Configuration error
gpgsm: certificate #/CN=Thawte Personal Freemail Issuing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
gpgsm: checking the CRL failed: Configuration error
gpgsm: error creating signature: Configuration error
I figured that this was a sign that I should disable some checking--it's
my own private key, so there shouldn't be any trust issues, right? So I
tried this:
$ gpgsm --verbose --disable-crl-checks --disable-ocsp --sign somefile
gpgsm: no key usage specified - assuming all usages
gpgsm: no key usage specified - assuming all usages
gpgsm: certificate is good
gpgsm: certificate is good
gpgsm: checking the trust list failed: No such file or directory
gpgsm: error creating signature: No such file or directory
The agent log says this:
2007-03-14 09:21:28 gpg-agent[5376] handler 0x808c820 for fd 7 started
gpg-agent[5376.7] DBG: -> OK Pleased to meet you
gpg-agent[5376.7] DBG: OK
gpg-agent[5376.7] DBG: OK
gpg-agent[5376.7] DBG: OK
gpg-agent[5376.7] DBG: OK
gpg-agent[5376.7] DBG: OK
gpg-agent[5376.7] DBG: OK
gpg-agent[5376.7] DBG:
gpg-agent[5376.7] DBG: -> OK
gpg-agent[5376.7] DBG:
2007-03-14 09:21:28 gpg-agent[5376] error opening `/usr/local/etc/gnupg/trustlist.txt': No such file or directory
2007-03-14 09:21:28 gpg-agent[5376] error reading list of trusted root certificates
2007-03-14 09:21:28 gpg-agent[5376] command is_trusted failed: No such file or directory
gpg-agent[5376.7] DBG: -> ERR 67141713 No such file or directory
gpg-agent[5376.7] DBG: ,CN=Thawte
Personal Freemail CA,OU=Certification Services Division,O=Thawte
Consulting,L=Cape Town,ST=Western Cape,C=ZA
gpgsm: DBG: subject: 1.2.840.113549.1.9.1=#,CN=Thawte
Personal Freemail CA,OU=Certification Services Division,O=Thawte
Consulting,L=Cape Town,ST=Western Cape,C=ZA
gpgsm: DBG: hash algo: 1.2.840.113549.1.1.4
gpgsm: DBG: SHA1 Fingerprint:
20:99:00:B6:3D:95:57:28:14:0C:D1:36:22:D8:C6:87:A4:EB:00:85
gpgsm: DBG: END Certificate
gpgsm: after checking the fingerprint, you may want to add it manually
to the list of trusted certificates.
gpgsm: interactive marking as trusted not enabled in gpg-agent
gpgsm: error creating signature: Not trusted
I added that fingerprint as a line to trustlist.txt, fixed the gpg-agent
config (apparently it didn't have a default pinentry), restarted
gpg-agent (kill -HUP pid didn't do the trick), and suddenly everything
worked.
All this said, here are my questions:
* Why does gpgsm do all of this trust checking just to use a private
key? Why don't private keys already have (the S/MIME equivalent to)
ultimate trust?
* Why didn't I already have a trustlist.txt? Shouldn't the source
install process at least touch the file?
* Is gpg-agent actually necessary for all this? What's wrong with
accepting my passphrase at the console if it's not running? (All right,
I've already gathered that gpg-agent does way more than password
caching, in which case the real question is, why is so much of this
functionality in gpg-agent instead of gpgsm?)
* Is there a user trustlist.txt that can be used instead, or do I need
to edit trustlist.txt as root every time a change needs to be made?
In the meantime, I guess I should figure out how to configure dirmngr,
though it seems a little superfluous. Yet another reason I'll always
prefer OpenPGP to S/MIME, I guess...
Thanks
PSM
Werner Koch wrote:
> On Tue, 13 Mar 2007 23:41, me at psmay.com said:
>
>> $ gpgsm --list-secret-keys
>> /home/psmay/.gnupg/pubring.kbx
>> ----------------------------
>> $
>
> There might be a problem with the gpg-agent. Make sure that gpg-agent
> is running and add
>
> verbose
> debug 1024
> log-file /for/bar/agent.log
>
> to gpg-agent.conf. Give a running gpg-agent a HUP or start it again.
> You may also use
>
> gpg-agent --daemon sh
>
> and do your test within this shell. You should see lines like
>
>
> DBG: DBG: -> ERR 67108881 No secret key
> DBG: DBG: -> OK
>
> No OK lines? Run
>
> gpgsm --dump-keys
>
> which will show you the keygrip. The keygrip is what you see in the
> gpg-agent requests and they are also the basenames of the files below
> private-keys-v1.d/
>
>
> Salam-Shalom,
>
> Werner
>
>
From me at psmay.com Wed Mar 14 15:09:20 2007
From: me at psmay.com (Peter S. May)
Date: Wed, 14 Mar 2007 10:09:20 -0400
Subject: gpg-agent: Different TTLs for different keys
Message-ID: <45F80210.60508@psmay.com>
In the stupid gpg-agent tricks department:
Say I have two signing keys. One of them signs e-mails and one of them
is used by an automated backup process; admittedly not as trustworthy
(which is why I don't want to use my e-mail key) but better than nothing
if my access control holds up otherwise.
I want to set gpg-agent to handle both, but the TTL on the e-mail key
should be 5 minutes and the TTL on the backup key should be indefinite
(I should only have to enter it every time I boot). Is there a way to
do this?
Thanks
PSM
From me at psmay.com Wed Mar 14 15:12:37 2007
From: me at psmay.com (Peter S. May)
Date: Wed, 14 Mar 2007 10:12:37 -0400
Subject: gpgsm doesn't recognize certs are related to secret keys)
In-Reply-To: <45F7FE34.3030603@psmay.com>
References: <45F728A0.4010002@psmay.com> <87y7m0i6d0.fsf@wheatstone.g10code.de>
<45F7FE34.3030603@psmay.com>
Message-ID: <45F802D5.9060306@psmay.com>
> * Is there a user trustlist.txt that can be used instead, or do I need
> to edit trustlist.txt as root every time a change needs to be made?
I realize now this one was an RTFM. Problem was, I expected this
information in man gpgsm, not man gpg-agent...
Thanks
PSM
From chikin.yeung at synergis.com.hk Wed Mar 14 09:04:34 2007
From: chikin.yeung at synergis.com.hk (aloha)
Date: Wed, 14 Mar 2007 01:04:34 -0700 (PDT)
Subject: GNUPG, how to set the passphrase as parameter in comment line
Message-ID: <9469929.post@talk.nabble.com>
Hi all,
I'm new in this forum and new to GnuPG. I'm now writing a program which needs
to encrypt the outputted csv with GnuPG.
I've written a batch file in windows xp to execute the gnu to encrypt,
everything goes fine.
But when the gnu starts to encrypt, it will ask me to input the passphrase.
How to "automate" this? Does gnupg provide a parameter which allows us to
input the passphrase so that the user doesn't need to input it every time?
thanks a lot
Aloha
--
View this message in context: http://www.nabble.com/GNUPG%2C-how-to-set-the-passphrase-as-parameter-in-comment-line-tf3400686.html#a9469929
Sent from the GnuPG - User mailing list archive at Nabble.com.
From nsmith297 at gmail.com Tue Mar 13 03:02:17 2007
From: nsmith297 at gmail.com (Nathan Smith)
Date: Mon, 12 Mar 2007 19:02:17 -0700 (PDT)
Subject: signing source code with gpg
Message-ID: <9447180.post@talk.nabble.com>
Does anyone know if there's a solution to signing source code (using gpg), in
a way which will still allow the source code to function. For example for a
Java file if the GPG signature code could be placed within the comments embedded
within the Java source (ie /* */ ), or within XML comments (ie <!-- --> )
for an XML file. We are trying to implement a source signing policy at our
company, where a developer's source code is signed before it is checked into
our source control system. But of course, the source must still be able to
compile, and signing must not affect the functionality of the source.
Thanks.. Nate
--
View this message in context: http://www.nabble.com/signing-source-code-with-gpg-tf3393462.html#a9447180
Sent from the GnuPG - User mailing list archive at Nabble.com.
From psmay at halfgeek.org Tue Mar 13 18:11:44 2007
From: psmay at halfgeek.org (Peter S. May)
Date: Tue, 13 Mar 2007 13:11:44 -0400
Subject: gpgsm doesn't recognize certs are related to secret keys
Message-ID: <45F6DB50.7080408@halfgeek.org>
I've extracted some Thawte and CAcert keys and certs from my browser and
imported them into gpgsm. ls -l ~/.gnupg/private-keys-v1.d/ lists the
three private keys that I imported, and all of the corresponding certs
show up in --list-keys:
$ gpgsm --list-keys psmay
/home/psmay/.gnupg/pubring.kbx
----------------------------
Serial number: 067A86EB7BA000EF5E6F6341D8070D7E
Issuer: /CN=Thawte Personal Freemail Issuing CA/O=Thawte Consulting (Pty) Ltd./C=ZA
Subject: /CN=Peter Samuel May/EMail=psmay at halfgeek.org/GN=Peter Samuel/SN=May
aka: psmay at halfgeek.org
validity: 2006-10-09 18:39:01 through 2007-10-09 18:39:01
key type: 2048 bit RSA
fingerprint: 96:D2:E8:44:1D:7B:31:8B:C8:CC:07:ED:E3:A0:C2:73:41:A3:56:E9
Serial number: 02C4AD
Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org
Subject: /EMail=me at psmay.com/EMail=psmay at halfgeek.org
aka: psmay at halfgeek.org
aka: me at psmay.com
validity: 2006-10-12 14:24:50 through 2007-10-12 14:24:50
key type: 2048 bit RSA
fingerprint: 43:F3:E6:0B:1B:25:4E:BA:3A:69:DA:56:8E:F8:35:08:CD:4B:A7:52
Serial number: 02C5B0
Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org
Subject: /CN=Peter Samuel May/EMail=me at psmay.com/EMail=psmay at halfgeek.org
aka: psmay at halfgeek.org
aka: me at psmay.com
validity: 2006-10-13 05:52:09 through 2007-10-13 05:52:09
key type: 2048 bit RSA
fingerprint: 26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8
(The CAs' certs also show up when I don't qualify this with my name.)
However, it doesn't seem to realize that it has the secret keys for
these certs:
$ gpgsm --list-secret-keys
/home/dro/.gnupg/pubring.kbx
----------------------------
$
And since it doesn't, I also can't use the private keys:
$ gpgsm --local-user 26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8 --sign somefile
gpgsm: can't sign using `26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8': No secret key
Anyone have any ideas?
Thanks
PSM
From psmay at halfgeek.org Tue Mar 13 18:24:47 2007
From: psmay at halfgeek.org (Peter S. May)
Date: Tue, 13 Mar 2007 13:24:47 -0400
Subject: gpgsm doesn't recognize certs are related to secret keys
In-Reply-To: <45F6DB50.7080408@halfgeek.org>
References: <45F6DB50.7080408@halfgeek.org>
Message-ID: <45F6DE5F.5090400@halfgeek.org>
Neglected to mention that the aforementioned problem was in gpgsm from
gnupg-2.0.3, with it and its four dependencies at latest release
versions, freshly compiled this weekend.
From me at psmay.com Wed Mar 14 18:02:23 2007
From: me at psmay.com (Peter S. May)
Date: Wed, 14 Mar 2007 13:02:23 -0400
Subject: signing source code with gpg
In-Reply-To: <9447180.post@talk.nabble.com>
References: <9447180.post@talk.nabble.com>
Message-ID: <45F82A9F.4000509@psmay.com>
There are certainly some hacks you could try out, but they would be
somewhat error-prone. The easiest and most secure way to go about this
would probably be to --detach-sign instead of doing a cleartext signature.
If you require a cleartext signature, reconsider your design.
If you still require a cleartext signature, _reconsider your design_.
If you _still_ require a cleartext signature, here's something that
would clearsign a (slightly modified) Java file and still compile:
echo "/*" > startcomment.tmp
echo "*/" > endcomment.tmp
cat endcomment.tmp HelloWorld.java startcomment.tmp | \
gpg --not-dash-escaped --no-escape-from-lines --clearsign | \
cat startcomment.tmp - endcomment.tmp > HelloWorld.signed.java
The signed part itself is not valid Java, but the result of the message
after signing is. If you were to actually use this, anyone who verifies
your code will be required to make sure nothing substantive occurs
before or after the signed part (i.e., nothing before the start line
except /* and nothing after the end line except */); it would be easy to
sneak in some bad code. Additionally, your verifiers would need GnuPG
to verify since the NotDashEscaped extension is included. Between these
two factors it's really just way better to --detach-sign the code.
HTH
PSM
Nathan Smith wrote:
> Does anyone know if there's a solution to signing source code (using gpg), in
> a way which will still allow the source code to function. For example for a
> Java file if the GPG signature code could be placed within the comments embedded
> within the Java source (ie /* */ ), or within XML comments (ie <!-- --> )
> for an XML file. We are trying to implement a source signing policy at our
> company, where a developer's source code is signed before it is checked into
> our source control system. But of course, the source must still be able to
> compile, and signing must not affect the functionality of the source.
> Thanks.. Nate
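The structural check that a verifier of the comment-wrapped clearsigned file would have to run in addition to gpg --verify, as an added example that is not part of the original post. The function name and the sample file are constructed for illustration; the check rejects anything that could compile outside the signed region, including a comment terminator inside the armor headers, which the signature does not cover.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def check_wrapped_clearsign(text):
    """Return a list of problems; an empty list means only signed text can compile.

    Expected layout (produced by the pipeline in the post above):
        /*                      <- unsigned, opens a comment
        BEGIN PGP SIGNED MESSAGE + armor headers + blank line
        */  ...java...  /*      <- the signed text
        BEGIN PGP SIGNATURE ... END PGP SIGNATURE
        */                      <- unsigned, closes the comment
    This does NOT verify the signature; run gpg --verify as well.
    """
    lines = text.splitlines()
    problems = []
    if len(lines) < 2 or lines[0] != "/*" or lines[1] != BEGIN_MSG:
        problems.append("file must start with '/*' then the signed-message header")
    if len(lines) < 2 or lines[-1] != "*/" or lines[-2] != END_SIG:
        problems.append("file must end with the signature footer then '*/'")
    for marker in (BEGIN_MSG, BEGIN_SIG, END_SIG):
        if lines.count(marker) != 1:
            problems.append("expected exactly one %r line" % marker)
    if problems:
        return problems

    sig_start = lines.index(BEGIN_SIG)
    try:
        blank = lines.index("", 2)          # blank line ends the armor headers
    except ValueError:
        return ["no blank line after the armor headers"]
    if blank > sig_start:
        return ["armor headers are not terminated before the signature block"]

    # Only the two headers this construction produces are accepted up front.
    for header in lines[2:blank]:
        if not header.startswith(("Hash: ", "NotDashEscaped: ")):
            problems.append("unexpected armor header: %r" % header)

    # Armor headers (Version:, Comment:) and the base64 body are not signed.
    # A '*/' there would end the comment and expose unsigned text to the compiler.
    unsigned = lines[2:blank] + lines[sig_start + 1:-2]
    for line in unsigned:
        if "*/" in line:
            problems.append("comment terminator in unsigned region: %r" % line)

    # The signed text itself must close the leading comment and reopen one.
    signed = lines[blank + 1:sig_start]
    if len(signed) < 2 or signed[0] != "*/" or signed[-1] != "/*":
        problems.append("signed text must begin with '*/' and end with '/*'")
    return problems


# Constructed sample (the signature body is a placeholder, not a real signature).
SAMPLE_LINES = [
    "/*",
    BEGIN_MSG,
    "Hash: SHA1",
    "NotDashEscaped: You need GnuPG to verify this message",
    "",
    "*/",
    "public class HelloWorld { }",
    "/*",
    BEGIN_SIG,
    "Version: GnuPG v1.4.7 (GNU/Linux)",
    "",
    "Q09OU1RSVUNURUQ=",
    "=AAAA",
    END_SIG,
    "*/",
]
SAMPLE = "\n".join(SAMPLE_LINES) + "\n"

if __name__ == "__main__":
    print(check_wrapped_clearsign(SAMPLE) or "layout ok")
```

A detached signature needs none of this, which is the point made in the post above.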
From jbruni at mac.com Wed Mar 14 18:06:03 2007
From: jbruni at mac.com (Joseph Oreste Bruni)
Date: Wed, 14 Mar 2007 10:06:03 -0700
Subject: signing source code with gpg
In-Reply-To: <9447180.post@talk.nabble.com>
References: <9447180.post@talk.nabble.com>
Message-ID: <5DDAD3C9-E5CC-488C-9B7C-95A4A9BC1F97@mac.com>
In this case a detached signature would be your best bet. You would
check the detached sig in with the source code. When the source is
checked out, you could then validate that the source has not changed
since it was signed. Be careful, though, if you use any embedded
keywords with your revision control system ($Id$, et al). If the
revision control system changes the content of the files it will
invalidate the signature.
-Joe
On Mar 12, 2007, at 7:02 PM, Nathan Smith wrote:
>
> Does anyone know if there's a solution to signing source code (using gpg), in
> a way which will still allow the source code to function. For example for a
> Java file if the GPG signature code could be placed within the comments embedded
> within the Java source (ie /* */ ), or within XML comments (ie <!-- --> )
> for an XML file. We are trying to implement a source signing policy at our
> company, where a developer's source code is signed before it is checked into
> our source control system. But of course, the source must still be able to
> compile, and signing must not affect the functionality of the source.
> Thanks.. Nate
From wk at gnupg.org Wed Mar 14 18:09:01 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 14 Mar 2007 18:09:01 +0100
Subject: gpg-agent: Different TTLs for different keys
In-Reply-To: <45F80210.60508@psmay.com> (Peter S. May's message of "Wed\, 14
Mar 2007 10\:09\:20 -0400")
References: <45F80210.60508@psmay.com>
Message-ID: <87tzwnda6q.fsf@wheatstone.g10code.de>
On Wed, 14 Mar 2007 15:09, me at psmay.com said:
> I want to set gpg-agent to handle both, but the TTL on the e-mail key
> should be 5 minutes and the TTL on the backup key should be indefinite
> (I should only have to enter it every time I boot). Is there a way to
> do this?
No. Or not yet. It is related to https://bugs.g10code.com/gnupg/issue672.
Shalom-Salam,
Werner
From wk at gnupg.org Wed Mar 14 18:09:34 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 14 Mar 2007 18:09:34 +0100
Subject: gpgsm doesn't recognize certs are related to secret keys)
In-Reply-To: <45F802D5.9060306@psmay.com> (Peter S. May's message of "Wed\, 14
Mar 2007 10\:12\:37 -0400")
References: <45F728A0.4010002@psmay.com>
<87y7m0i6d0.fsf@wheatstone.g10code.de> <45F7FE34.3030603@psmay.com>
<45F802D5.9060306@psmay.com>
Message-ID: <87ps7bda5t.fsf@wheatstone.g10code.de>
On Wed, 14 Mar 2007 15:12, me at psmay.com said:
> I realize now this one was an RTFM. Problem was, I expected this
> information in man gpgsm, not man gpg-agent...
Yeah, I should really write the setup chapter for the manual.
Salam-Shalom,
Werner
From jbruni at mac.com Wed Mar 14 18:16:50 2007
From: jbruni at mac.com (Joseph Oreste Bruni)
Date: Wed, 14 Mar 2007 10:16:50 -0700
Subject: GNUPG, how to set the passphrase as parameter in comment line
In-Reply-To: <9469929.post@talk.nabble.com>
References: <9469929.post@talk.nabble.com>
Message-ID: <1ECF6990-7C6A-4CA3-9AEF-BC344B136D49@mac.com>
You have a few choices:
1) remove the passphrase from the private key
2) pass the passphrase to gpg using the --passphrase-fd option
3) supply the passphrase using the --passphrase-file option
4) supply the passphrase using the --passphrase option
On Mar 14, 2007, at 1:04 AM, aloha wrote:
>
> Hi all,
>
> I'm new in this forum and new to GnuPG. I'm now writing a program which needs
> to encrypt the outputted csv with GnuPG.
>
> I've written a batch file in windows xp to execute the gnu to encrypt,
> everything goes fine.
> But when the gnu starts to encrypt, it will ask me to input the passphrase.
>
> How to "automate" this? Does gnupg provide a parameter which allows us to
> input the passphrase so that the user doesn't need to input it every time?
>
> thanks a lot
>
> Aloha
>
From wk at gnupg.org Wed Mar 14 18:21:24 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 14 Mar 2007 18:21:24 +0100
Subject: signing source code with gpg
In-Reply-To: <45F82A9F.4000509@psmay.com> (Peter S. May's message of "Wed\, 14
Mar 2007 13\:02\:23 -0400")
References: <9447180.post@talk.nabble.com> <45F82A9F.4000509@psmay.com>
Message-ID: <87hcsnd9m3.fsf@wheatstone.g10code.de>
On Wed, 14 Mar 2007 18:02, me at psmay.com said:
> two factors it's really just way better to --detach-sign the code.
I 100% agree. The problem with non-detached signatures is that it is
very hard to know what you exactly signed. Having two files makes it
obvious what is the signature and what is the signed data. And there
is no need to change the data in any way.
Shalom-Salam,
Werner
p.s.
In this regard PGP/MIME messages (not using the combined option) are
also better than any other way to sign mails. That is also why you
should never use the inline PDF signatures - a separate signature file
is far better. Only XML signatures are worse than inline PDF
signatures.
From me at psmay.com Wed Mar 14 19:03:06 2007
From: me at psmay.com (Peter S. May)
Date: Wed, 14 Mar 2007 14:03:06 -0400
Subject: gpg-agent: Different TTLs for different keys
In-Reply-To: <87tzwnda6q.fsf@wheatstone.g10code.de>
References: <45F80210.60508@psmay.com> <87tzwnda6q.fsf@wheatstone.g10code.de>
Message-ID: <45F838DA.2090108@psmay.com>
I had a workaround in mind that involved using multiple homedirs (one in
~/.gnupg and the other in ~/.backup-system2/crypto/gnupg) and then
spinning up one gpg-agent for each, using the first one's GPG_AGENT_INFO
in the normal shells and the other in the backup scripts only. To get
the passphrase cached the first time, I'd steal this page from Gentoo's
keychain script:
# The alternate GPG_AGENT_INFO and GNUPGHOME have already been imported
echo | gpg --use-agent --no-tty --sign --local-user backup \
-o - >/dev/null 2>&1
I'll be working on that.
In the meantime, it would be kind of a nice option, and I don't think
it's quite as complex as the issue you mentioned (though I could be wrong).
Thanks
PSM
Werner Koch wrote:
> On Wed, 14 Mar 2007 15:09, me at psmay.com said:
>
>> I want to set gpg-agent to handle both, but the TTL on the e-mail key
>> should be 5 minutes and the TTL on the backup key should be indefinite
>> (I should only have to enter it every time I boot). Is there a way to
>> do this?
>
> No. Or not yet. It is related to https://bugs.g10code.com/gnupg/issue672.
>
>
>
> Shalom-Salam,
>
> Werner
>
From wk at gnupg.org Wed Mar 14 18:42:48 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 14 Mar 2007 18:42:48 +0100
Subject: signing source code with gpg
In-Reply-To: <5DDAD3C9-E5CC-488C-9B7C-95A4A9BC1F97@mac.com> (Joseph Oreste
Bruni's message of "Wed\, 14 Mar 2007 10\:06\:03 -0700")
References: <9447180.post@talk.nabble.com>
<5DDAD3C9-E5CC-488C-9B7C-95A4A9BC1F97@mac.com>
Message-ID: <87veh3bu1z.fsf@wheatstone.g10code.de>
On Wed, 14 Mar 2007 18:06, jbruni at mac.com said:
> revision control system changes the content of the files it will
> invalidate the signature.
FWIW, I use this with some files and Subversion:
# Note: The subversion copy of this file carries a gpg:signature
# property with its OpenPGP signature. Check this signature before
# adding entries:
# f=foo; svn pg gpg:signature $f | gpg --verify - $f
# to create a new signature:
# f=foo; gpg -sba $f && svn ps gpg:signature -F $f.asc $f
Shalom-Salam,
Werner
From johns at netfriends.com Tue Mar 13 16:11:58 2007
From: johns at netfriends.com (starsipping)
Date: Tue, 13 Mar 2007 08:11:58 -0700 (PDT)
Subject: Enabling GPGRelay passphrase prompt on e-mail startup
Message-ID: <9456583.post@talk.nabble.com>
GPGRelay works great in our current 15 user setup. However, some of my users
miss the opportunity to enter in their GPGRelay passphrase when their mail
client first notifies them to enter in their passphrase upon receipt of
encrypted mail. If they don't see that they need to enter in their
passphrase, then after about 30 seconds GPGRelay times out and relays the
e-mail in its encrypted form into their inbox.
While this isn't the end of the world since they can still copy the body of
the e-mail to the clipboard, decrypt it and then paste the decrypted contents
into Notepad or something similar, we're hoping that we can find a way to
make GPGRelay prompt for the passphrase immediately upon startup or when
their mail client first checks e-mail so they have some consistency. As it
is now, the users may not get prompted to enter in their password until some
random time in the middle of the day when they first receive some encrypted
e-mail.
Does anyone know how to modify when GPGRelay can prompt for the passphrase
to force it to prompt upon initial startup or upon initial receipt of email?
For full disclosure, all the clients are running on Windows 2000/XP, Outlook
2003 as the mail client, GPG client 1.4.1 and GPGRelay 0.959.
Thanks so much!
--
View this message in context: http://www.nabble.com/Enabling-GPGRelay-passphrase-prompt-on-e-mail-startup-tf3396593.html#a9456583
Sent from the GnuPG - User mailing list archive at Nabble.com.
From jharris at widomaker.com Wed Mar 14 22:32:14 2007
From: jharris at widomaker.com (Jason Harris)
Date: Wed, 14 Mar 2007 17:32:14 -0400
Subject: signing source code with gpg
In-Reply-To: <87veh3bu1z.fsf@wheatstone.g10code.de>
References: <9447180.post@talk.nabble.com>
<5DDAD3C9-E5CC-488C-9B7C-95A4A9BC1F97@mac.com>
<87veh3bu1z.fsf@wheatstone.g10code.de>
Message-ID: <20070314213214.GA67082@wilma.widomaker.com>
On Wed, Mar 14, 2007 at 06:42:48PM +0100, Werner Koch wrote:
> On Wed, 14 Mar 2007 18:06, jbruni at mac.com said:
> > revision control system changes the content of the files it will
> > invalidate the signature.
I've read opinions that keyword expansion is deprecated, and seeing
things like:
$MBSDlabs: portmk/bsd.ocaml.mk,v 1.18 2006/08/06 18:47:23 stas Exp $
$FreeBSD: ports/Mk/bsd.ocaml.mk,v 1.1 2007/03/14 04:05:25 linimon Exp $
makes me tend to agree. While this shows the origin of the file in
multiple repositories, does it really help the upstream author when
merging patches from downstream?
Also, CVS (and probably other systems) doesn't update keywords until
after a checkin+checkout cycle, so any signatures you [re]generate
before the next checkout will be[come] broken. Thus, using keyword
expansion means you have to trust the server to give back your files
with hopefully only the keywords modified before you can [re-]sign
them. Of course, this requires two checkins and is particularly
noticeable (i.e., ugly) and even more problematic (i.e., "The sigs
are broken in -r5, get -r6.") on newer systems with atomic commits
that would otherwise prevent this (keyword-expansion-race) problem.
> FWIW, I use this with some files and Subversion:
>
> # Note: The subversion copy of this file carries a gpg:signature
> # property with its OpenPGP signature. Check this signature before
> # adding entries:
> # f=foo; svn pg gpg:signature $f | gpg --verify - $f
> # to create a new signature:
> # f=foo; gpg -sba $f && svn ps gpg:signature -F $f.asc $f
Finally! :)
But (for those who may be unaware), unfortunately this will allow
valid sigs from _any key_ you happen to have in _any of the keyrings_
GPG accesses during this step.
Now seems like a good time to ask for an option like:
--require-sig-from [ ...]
to make sure sigs are only from particular signers.
As an add-on to the FreeBSD ports system, I've already had to employ
--status-fd to make sure I get a signature from an expected signer:
===> Verifying PGP signature gnupg-1.4.7.tar.bz2.sig
gpg: assuming signed data in `/usr/ports/distfiles//gnupg-1.4.7.tar.bz2'
gpg: Signature made Mon Mar 5 04:54:17 2007 EST using RSA key ID 1CE0C630
gpg: please do a --check-trustdb
gpg: Good signature from "Werner Koch (dist sig) "
Primary key fingerprint: 7B96 D396 E647 1601 754B E4DB 53B6 20D0 1CE0 C630
gpg: binary signature, digest algorithm SHA1
===> Valid sig. from expected ID 0x7B96D396E6471601754BE4DB53B620D01CE0C630.
versus a key ID that differs even by only one bit:
===> Verifying PGP signature gnupg-1.4.7.tar.bz2.sig
gpg: assuming signed data in `/usr/ports/distfiles//gnupg-1.4.7.tar.bz2'
gpg: Signature made Mon Mar 5 04:54:17 2007 EST using RSA key ID 1CE0C630
gpg: please do a --check-trustdb
gpg: Good signature from "Werner Koch (dist sig) "
Primary key fingerprint: 7B96 D396 E647 1601 754B E4DB 53B6 20D0 1CE0 C630
gpg: binary signature, digest algorithm SHA1
=> error: File wasn't signed by ID 0x7B96D396E6471601754BE4DB53B620D01CE0C631.
=> error: Make sure sigs. from ID 0x7B96D396E6471601754BE4DB53B620D01CE0C630
=> error: are legitimate before adjusting FP_SIG_000 in Makefile.csig
*** Error code 1
or several expected signers:
===> Verifying PGP signature subversion-1.4.3.tar.bz2.asc
gpg: armor header: Version: GnuPG v1.4.5 (Cygwin)
gpg: armor header: Version: GnuPG v1.4.3 (GNU/Linux)
gpg: armor header: Version: GnuPG v1.4.5 (GNU/Linux)
gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux)
gpg: armor header: Version: GnuPG v1.4.6 (Darwin)
gpg: assuming signed data in `/usr/ports/distfiles/subversion/subversion-1.4.3.tar.bz2'
[snip]
===> Valid sig. from expected ID 0x03341CF464A23E9416E76B1EA1FCE25133D38008 23885E64C64E981E4884834D7C535299C0F2C580 332480DA0F8CA37DAEE6D0840B03AE6E4E24517C 3C016F2B764621BB549C66B516A96495E2226795 AAFF6033364F02BB1239907567D9B249674F05E0.
(As implemented, this requires at least one VALIDSIG from every fingerprint
in the list.)
NB: This facilitates [re]fetching the key(s) in advance of the signature
check to help catch any revocations _and_ removes the need to --[l]sign
keys to "memorize" them as "expected" signers and/or to juggle keyrings,
esp. with gpgv.
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
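The expected-signer check described in the message above, as an added example (not the FreeBSD ports add-on and not GnuPG code): it reads gpg's --status-fd lines and requires a VALIDSIG from every pinned primary-key fingerprint. Function names and the status samples are constructed; the fingerprint is the one quoted in the message, and the policy of failing on any expired, revoked, bad or unverifiable signature is an assumption of this example.

```python
import subprocess

# Status keywords that mean "do not accept", even when a VALIDSIG line is also
# present: gpg reports VALIDSIG alongside EXPKEYSIG or REVKEYSIG when the
# signature is mathematically correct but the key has expired or been revoked.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def normalize(fpr):
    """Canonical fingerprint: no spaces, no 0x prefix, upper case."""
    fpr = fpr.replace(" ", "")
    if fpr[:2].lower() == "0x":
        fpr = fpr[2:]
    return fpr.upper()


def parse_status(text):
    """Yield (keyword, args) for each '[GNUPG:] ' line and ignore all other
    output, so human-readable "Good signature" text never counts."""
    for line in text.splitlines():
        if line.startswith("[GNUPG:] "):
            fields = line.split()
            if len(fields) >= 2:
                yield fields[1], fields[2:]


def check_signers(status_text, expected):
    """Return (ok, matched_fingerprints, problems).

    ok is True only if every fingerprint in `expected` produced a VALIDSIG
    and no rejecting status line was seen (a deliberately strict policy).
    """
    wanted = {normalize(f) for f in expected}
    seen, problems = set(), []
    if not wanted:
        problems.append("no expected fingerprints given")
    for keyword, args in parse_status(status_text):
        if keyword in REJECT:
            problems.append("%s %s" % (keyword, args[0] if args else ""))
        elif keyword == "VALIDSIG" and args:
            # args[0] is the key that made the signature (possibly a subkey);
            # the tenth field, when present, is the primary key fingerprint.
            primary = args[9] if len(args) >= 10 else args[0]
            seen.add(normalize(primary))
    for fpr in sorted(wanted - seen):
        problems.append("no valid signature from " + fpr)
    return (not problems, sorted(wanted & seen), problems)


def verify_detached(sig_path, data_path, expected, gpg="gpg"):
    """Run gpg on a detached signature and apply check_signers to its status."""
    proc = subprocess.run(
        [gpg, "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        capture_output=True, text=True, errors="replace",
    )
    ok, matched, problems = check_signers(proc.stdout, expected)
    return (ok and proc.returncode == 0, matched, problems)


# Fingerprint as quoted in the message above.
EXPECTED = "0x7B96D396E6471601754BE4DB53B620D01CE0C630"

# Constructed status-fd samples (not captured from a real gpg run).
GOOD_STATUS = (
    "[GNUPG:] GOODSIG 53B620D01CE0C630 Werner Koch (dist sig)\n"
    "[GNUPG:] VALIDSIG 7B96D396E6471601754BE4DB53B620D01CE0C630 2007-03-05 "
    "1173088457 0 3 0 1 2 00 7B96D396E6471601754BE4DB53B620D01CE0C630\n"
)
CONSTRUCTED_FPR = "A" * 40
REVOKED_STATUS = (
    "[GNUPG:] REVKEYSIG AAAAAAAAAAAAAAAA Constructed Signer\n"
    "[GNUPG:] VALIDSIG " + CONSTRUCTED_FPR + " 2007-03-05 1173088457 0 3 0 1 2 00 "
    + CONSTRUCTED_FPR + "\n"
)
HUMAN_ONLY = 'gpg: Good signature from "Werner Koch (dist sig)"\n'

if __name__ == "__main__":
    print(check_signers(GOOD_STATUS, [EXPECTED]))
```

Pinning the full fingerprint in the caller, rather than relying on whatever keys are in the keyring, is what closes the "valid sig from any key" gap raised in the message.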
From bdc at topenergy.co.nz Wed Mar 14 22:45:27 2007
From: bdc at topenergy.co.nz (Bruce Cowin)
Date: Thu, 15 Mar 2007 10:45:27 +1300
Subject: PGP Desktop and GPG
Message-ID:
If I have generated a key using PGP Desktop, would I be able to import and use that key with GnuPG? Our subscription to PGP Desktop is about to expire and it says the functionality will be reduced to that of PGP Freeware. All we do with it is encrypt files (not emails), so I think this is ok. I'm not sure if the PGP Desktop gui interface will stop working or not, so thought we could use GnuPG and Gpg4Win which we currently use on another project to replace PGP Desktop.
Thanks for any help.
Regards,
Bruce
From jmoore3rd at bellsouth.net Wed Mar 14 23:59:28 2007
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Wed, 14 Mar 2007 18:59:28 -0400
Subject: PGP Desktop & GnuPG
Message-ID: <45F87E50.3010703@bellsouth.net>
Bruce Cowin wrote:
> If I have generated a key using PGP Desktop, would I be able to import
> and use that key with GnuPG? Our subscription to PGP Desktop is about
> to expire and it says the functionality will be reduced to that of PGP
> Freeware. All we do with it is encrypt files (not emails), so I think
> this is ok. I'm not sure if the PGP Desktop gui interface will stop
> working or not, so thought we could use GnuPG and Gpg4Win which we
> currently use on another project to replace PGP Desktop.
>
> Thanks for any help.
I was unable to 'trim' this Reply cause You have a word wrap issue.
However; for what You are doing, the Freeware version should perform
just Fine. Answer to Main Question; YES, You can Import your PGP
Keyrings into GnuPG. Fact of the matter; I know several individuals
using *one* Keyring for both PGP & GPG.
Personally, I prefer GnuPG over PGP for several reasons; the most
primary being that I find more functionality in GnuPG.
HTH!
JOHN 8-)
Timestamp: Wednesday 14 Mar 2007, 18:59 --400 (Eastern Daylight Time)
From svt at teris.de Thu Mar 15 01:20:04 2007
From: svt at teris.de (Sebsatian von Thadden)
Date: Thu, 15 Mar 2007 01:20:04 +0100
Subject: Cardreader Pinpad only on linux ?
Message-ID: <45F89134.8030805@teris.de>
Hi,
this community is one of the best, I've ever seen.
Now, I've a little question:
Is the smartcard-reader-pinpad function only available under
linux-system or should this work under windows ?
I'm using a SCM-Card-Reader: Chipdrive Pinpad 532.
The cardreader works perfectly with gpg, just the pinpad is unused.
Thanks a lot!
Bye,
Sebastian
From dshaw at jabberwocky.com Thu Mar 15 02:00:40 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 14 Mar 2007 21:00:40 -0400
Subject: PGP Desktop and GPG
In-Reply-To:
References:
Message-ID: <20070315010040.GA4917@jabberwocky.com>
On Thu, Mar 15, 2007 at 10:45:27AM +1300, Bruce Cowin wrote:
> If I have generated a key using PGP Desktop, would I be able to
> import and use that key with GnuPG? Our subscription to PGP Desktop
> is about to expire and it says the functionality will be reduced to
> that of PGP Freeware. All we do with it is encrypt files (not
> emails), so I think this is ok. I'm not sure if the PGP Desktop gui
> interface will stop working or not, so thought we could use GnuPG
> and Gpg4Win which we currently use on another project to replace PGP
> Desktop.
The short answer is yes, any key you generate with a roughly recent
PGP Desktop can be used with GnuPG, and vice versa. Just export it
from one (remember to export the secret key too) and import it into
the other.
David
From bdc at topenergy.co.nz Thu Mar 15 02:28:31 2007
From: bdc at topenergy.co.nz (Bruce Cowin)
Date: Thu, 15 Mar 2007 14:28:31 +1300
Subject: PGP Desktop and GPG
Message-ID:
Thanks David. But if I'm only encrypting files for others (and not decrypting any), then I only need to export their public key, right? My private key doesn't come into it, does it?
Thanks again.
Regards,
Bruce
>>> David Shaw 15/03/2007 2:00 p.m. >>>
On Thu, Mar 15, 2007 at 10:45:27AM +1300, Bruce Cowin wrote:
> If I have generated a key using PGP Desktop, would I be able to
> import and use that key with GnuPG? Our subscription to PGP Desktop
> is about to expire and it says the functionality will be reduced to
> that of PGP Freeware. All we do with it is encrypt files (not
> emails), so I think this is ok. I'm not sure if the PGP Desktop gui
> interface will stop working or not, so thought we could use GnuPG
> and Gpg4Win which we currently use on another project to replace PGP
> Desktop.
The short answer is yes, any key you generate with a roughly recent
PGP Desktop can be used with GnuPG, and vice versa. Just export it
from one (remember to export the secret key too) and import it into
the other.
David
From dshaw at jabberwocky.com Thu Mar 15 03:04:19 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 14 Mar 2007 22:04:19 -0400
Subject: PGP Desktop and GPG
In-Reply-To:
References:
Message-ID: <20070315020419.GB4917@jabberwocky.com>
On Thu, Mar 15, 2007 at 02:28:31PM +1300, Bruce Cowin wrote:
> Thanks David. But if I'm only encrypting files for others (and not
> decrypting any), then I only need to export their public key, right?
> My private key doesn't come into it, does it?
That's correct. Most people do need to decrypt stuff sent to them,
and so they'd need a private key. If you are strictly encrypting to
others, then all you need is their public key.
David
From hira at atlas-is.co.jp Thu Mar 15 01:50:31 2007
From: hira at atlas-is.co.jp (HIRA, Shuichi)
Date: Thu, 15 Mar 2007 09:50:31 +0900
Subject: GNUPG, how to set the passphrase as parameter in comment line
In-Reply-To: <1ECF6990-7C6A-4CA3-9AEF-BC344B136D49@mac.com>
References: <1ECF6990-7C6A-4CA3-9AEF-BC344B136D49@mac.com>
Message-ID: <200703150050.AA01105@vela.sun.atlas-is.co.jp>
Hi,
>You have a few choices:
>1) remove the passphrase from the private key
>2) pass the passphrase to gpg using the --passphrase-fd option
>3) supply the passphrase using the --passphrase-file option
>4) supply the passphrase using the --passphrase option
5) use GPGME library
I think this is the best way to "automate".
I built dll, but cannot post "howto" yet, sorry.
I found,
1: to send passphrase in passphrase_cb, must not "write" to fd, use "_gpgme_io_write"
2: GPGME has some memory leak, need to free some object
debug_lock, notify_table_lock, reader_table_lock, writer_table_lock, ...
...and so on
--
HIRA, Shuichi
Atlas Information Service Inc.
IT Development Room
hira at atlas-is.co.jp
From bdc at topenergy.co.nz Thu Mar 15 04:15:07 2007
From: bdc at topenergy.co.nz (Bruce Cowin)
Date: Thu, 15 Mar 2007 16:15:07 +1300
Subject: PGP Desktop and GPG
Message-ID:
Cool, thanks everyone!
Regards,
Bruce
>>> John Clizbe 15/03/2007 4:10 p.m. >>>
Bruce Cowin wrote:
> If I have generated a key using PGP Desktop, would I be able to import and
> use that key with GnuPG? Our subscription to PGP Desktop is about to expire and it
> says the functionality will be reduced to that of PGP Freeware. All we do with
> it is encrypt files (not emails), so I think this is ok. I'm not sure if the PGP
> Desktop gui interface will stop working or not, so thought we could use GnuPG
> and Gpg4Win which we currently use on another project to replace PGP Desktop.
The PGP GUI in freeware mode should continue working. The paid elements include
the email plugins and PGPdisk.
It is fairly easy to import your entire keyring set to GnuPG
gpg --import \path\to\secring.skr
gpg --import \path\to\pubring.pkr
The above works at this time (PGP 9.x and GnuPG 1.4). It will quite possibly
change at some future date. The canonical method is to export the keys from PGP
and import them into GnuPG. Adding '--import-options import-local-sigs' to the
command line will import local signatures.
--
John P. Clizbe Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."
"Just how do the residents of Haiku, Hawai'i hold conversations?"
From vedaal at hush.com Thu Mar 15 14:56:20 2007
From: vedaal at hush.com (vedaal at hush.com)
Date: Thu, 15 Mar 2007 09:56:20 -0400
Subject: PGP Desktop & GnuPG
Message-ID: <20070315135620.EBC1622821@mailserver9.hushmail.com>
>Message: 3
>Date: Wed, 14 Mar 2007 18:59:28 -0400
>From: "John W. Moore III"
>Subject: PGP Desktop & GnuPG
>To: gnupg-users at gnupg.org
>Message-ID: <45F87E50.3010703 at bellsouth.net>
>Content-Type: text/plain; charset=UTF-8
>using *one* Keyring for both PGP & GPG.
caveat:
if there is only one keyring, it should be the *gnupg* one,
which pgp can read,
but should *not* write to, or it can corrupt the gnupg keyring
all key editing functions should be done through gnupg
vedaal
From wk at gnupg.org Thu Mar 15 08:23:18 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 15 Mar 2007 08:23:18 +0100
Subject: Cardreader Pinpad only on linux ?
In-Reply-To: <45F89134.8030805@teris.de> (Sebsatian von Thadden's message of
"Thu\, 15 Mar 2007 01\:20\:04 +0100")
References: <45F89134.8030805@teris.de>
Message-ID: <87zm6fug0p.fsf@wheatstone.g10code.de>
On Thu, 15 Mar 2007 01:20, svt at teris.de said:
> Is the smartcard-reader-pinpad function only available under
> linux-system or should this work under windows ?
Yes.
There are no plans to support it for Windows. Unless we decide to
really port GnuPG-2 to Windows. That may or may not happen.
Salam-Shalom,
Werner
From wk at gnupg.org Thu Mar 15 09:13:12 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 15 Mar 2007 09:13:12 +0100
Subject: signing source code with gpg
In-Reply-To: <20070314213214.GA67082@wilma.widomaker.com> (Jason Harris's
message of "Wed\, 14 Mar 2007 17\:32\:14 -0400")
References: <9447180.post@talk.nabble.com>
<5DDAD3C9-E5CC-488C-9B7C-95A4A9BC1F97@mac.com>
<87veh3bu1z.fsf@wheatstone.g10code.de>
<20070314213214.GA67082@wilma.widomaker.com>
Message-ID: <87ird2vs9z.fsf@wheatstone.g10code.de>
On Wed, 14 Mar 2007 22:32, jharris at widomaker.com said:
> Now seems like a good time to ask for an option like:
>
> --require-sig-from [ ...]
>
> to make sure sigs are only from particular signers.
You can do the same by using gpgv; it verifies only if the key is in a
special keyring. I am not sure whether adding the suggested option is
really a good idea. Other folks will come and demand further
customization.
> As an add-on to the FreeBSD ports system, I've already had to employ
> --status-fd to make sure I get a signature from an expected signer:
Scripts are the way we do it in Unix ;-)
Shalom-Salam,
Werner
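The two approaches in this message (gpgv with a dedicated keyring, and a script reading --status-fd), written out as an added example; it is not Jason Harris's script, which the thread does not reproduce, and not GnuPG project code. The function names, the reject policy and all fingerprints and status lines are constructed for illustration.

```python
import subprocess

# Status keywords that mean "do not accept" under this example's policy.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def normalize(fpr):
    """Fingerprint as gpg prints it on the status fd: no spaces, upper-case hex."""
    return fpr.replace(" ", "").upper()


def signer_allowed(status_text, allowed_fprs):
    """Return the allow-listed fingerprint that signed, or None to reject.

    Only lines starting with "[GNUPG:]" are read and the keyword must be the
    second field, so text inside a user ID cannot pass for a status keyword.
    """
    allowed = {normalize(f) for f in allowed_fprs if f.strip()}
    valid = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in REJECT:
            return None
        if keyword == "VALIDSIG" and args:
            # args[0]: fingerprint of the signing (sub)key
            # args[9]: fingerprint of its primary key, when gpg reports it
            primary = args[9] if len(args) > 9 else args[0]
            valid.append((args[0], primary))
    if len(valid) != 1:          # unsigned, or several signatures: reject
        return None
    return next((f for f in valid[0] if f in allowed), None)


def gpgv_status(keyring, sig_path, data_path):
    """Run gpgv against one keyring and return its status-fd output."""
    proc = subprocess.run(
        ["gpgv", "--keyring", keyring, "--status-fd", "1", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    return proc.stdout


# Constructed sample data (not real keys, not real gpg output).
RELEASE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SUBKEY_FPR = "89ABCDEF0123456789ABCDEF0123456789ABCDEF"
OTHER_FPR = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"


def sample_status(signing_fpr, primary_fpr, uid="Release Signer (constructed)"):
    return "\n".join([
        "gpgv: Signature made 2007-03-14 (constructed human-readable line)",
        "[GNUPG:] GOODSIG %s %s" % (signing_fpr[-16:], uid),
        "[GNUPG:] VALIDSIG %s 2007-03-14 1173900000 0 3 0 1 2 00 %s"
        % (signing_fpr, primary_fpr),
    ])


GOOD = sample_status(RELEASE_FPR, RELEASE_FPR)
SUBKEY = sample_status(SUBKEY_FPR, RELEASE_FPR)
BAD = "[GNUPG:] BADSIG 89ABCDEF01234567 Release Signer (constructed)"
# A good signature from another key whose user ID contains status-like text.
ODD_UID = sample_status(OTHER_FPR, OTHER_FPR,
                        uid="[GNUPG:] VALIDSIG " + RELEASE_FPR)

if __name__ == "__main__":
    for name, text in [("GOOD", GOOD), ("SUBKEY", SUBKEY),
                       ("BAD", BAD), ("ODD_UID", ODD_UID)]:
        print(name, signer_allowed(text, [RELEASE_FPR]))
```

With real files, pass gpgv_status(keyring, sig, data) as the first argument; gpgv already refuses keys outside the given keyring, and the fingerprint check narrows that to specific signers.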
From wk at gnupg.org Thu Mar 15 18:32:09 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 15 Mar 2007 18:32:09 +0100
Subject: PGP Desktop & GnuPG
In-Reply-To: <20070315135620.EBC1622821@mailserver9.hushmail.com>
(vedaal@hush.com's message of "Thu\, 15 Mar 2007 09\:56\:20 -0400")
References: <20070315135620.EBC1622821@mailserver9.hushmail.com>
Message-ID: <87odmutnty.fsf@wheatstone.g10code.de>
On Thu, 15 Mar 2007 14:56, vedaal at hush.com said:
> if there is only one keyring, it should be the *gnupg* one,
> which pgp can read,
> but should *not* write to, or it can corrupt the gnupg keyring
You probably can guess my usual remark:
The format of gpg's keyring is not a standard but an internal format of
gpg. It is just coincidence that PGP uses the same format and that it
resembles the defined transport format. So don't blame gpg if the
format of the keyring changes at one point in time and messes up all
your scripts.
Salam-Shalom,
Werner
From lists at kcoates.com Thu Mar 15 21:22:58 2007
From: lists at kcoates.com (Kevin Coates)
Date: Thu, 15 Mar 2007 16:22:58 -0400
Subject: Enabling GPGRelay passphrase prompt on e-mail startup
In-Reply-To: <9456583.post@talk.nabble.com>
References: <9456583.post@talk.nabble.com>
Message-ID: <45F9AB22.7080406@kcoates.com>
On 2007/03/13 11:11:58 AM -0400, starsipping wrote:
> Does anyone know how to modify when GPGRelay can prompt for the
> passphrase to force it to prompt upon initial startup or upon initial
> receipt of email?
Click on the GPGrelay icon and select the Keyrules tab. Select and right
click your e-mail address which would be your private key(s). Select the
Edit Keyrule submenu. Highlight the "Ask for Passphrase and remember for"
and "until GPGrelay terminates" options. Optionally you could select and
enter a value for the "Always use this passphrase" option, if you feel
comfortable doing so.
- --
Kevin Coates
Dewitt, NY USA
________________________________________________________________
(see kludges for my pgp key)
From kfitzner at excelcia.org Thu Mar 15 23:14:13 2007
From: kfitzner at excelcia.org (Kurt Fitzner)
Date: Thu, 15 Mar 2007 16:14:13 -0600
Subject: Deleting a designated revoker
Message-ID: <45F9C535.4000108@excelcia.org>
In PGP desktop 9.5, I can delete a designated revoker from my keyring.
Having used GnuPG pretty much exclusively, I was under the impression
this was impossible. It wouldn't be an issue, but having torn my hair
out for several days over why CACert's OpenPGP signature system wouldn't
sign my key, I finally figured out it doesn't handle keys with revokers
on it.
Since deleting a revoker is possible, might I suggest that GPG
incorporate this ability.
From John at Mozilla-Enigmail.org Thu Mar 15 04:10:19 2007
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Wed, 14 Mar 2007 22:10:19 -0500
Subject: PGP Desktop and GPG
In-Reply-To:
References:
Message-ID: <45F8B91B.2000800@Mozilla-Enigmail.org>
Bruce Cowin wrote:
> If I have generated a key using PGP Desktop, would I be able to import and
> use that key with GnuPG? Our subscription to PGP Desktop is about to expire and it
> says the functionality will be reduced to that of PGP Freeware. All we do with
> it is encrypt files (not emails), so I think this is ok. I'm not sure if the PGP
> Desktop gui interface will stop working or not, so thought we could use GnuPG
> and Gpg4Win which we currently use on another project to replace PGP Desktop.
The PGP GUI in freeware mode should continue working. The paid elements include
the email plugins and PGPdisk.
It is fairly easy to import your entire keyring set to GnuPG
gpg --import \path\to\secring.skr
gpg --import \path\to\pubring.pkr
The above works at this time (PGP 9.x and GnuPG 1.4). It will quite possibly
change at some future date. The canonical method is to export the keys from PGP
and import them into GnuPG. Adding '--import-options import-local-sigs' to the
command line will import local signatures.
--
John P. Clizbe Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."
"Just how do the residents of Haiku, Hawai'i hold conversations?"
From dshaw at jabberwocky.com Fri Mar 16 15:13:08 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 16 Mar 2007 10:13:08 -0400
Subject: Deleting a designated revoker
In-Reply-To: <45F9C535.4000108@excelcia.org>
References: <45F9C535.4000108@excelcia.org>
Message-ID: <20070316141308.GB29687@jabberwocky.com>
On Thu, Mar 15, 2007 at 04:14:13PM -0600, Kurt Fitzner wrote:
> In PGP desktop 9.5, I can delete a designated revoker from my keyring.
> Having used GnuPG pretty much exclusively, I was under the impression
> this was impossible. It wouldn't be an issue, but having torn my hair
> out for several days over why CACert's OpenPGP signature system wouldn't
> sign my key, I finally figured out it doesn't handle keys with revokers
> on it.
>
> Since deleting a revoker is possible, might I suggest that GPG
> incorporate this ability.
This is not exactly true. You can certainly delete the packet that
says "this key has a designated revoker", but note that there is no
way to undo the designation if the key has been distributed. It's
like a signature from a key you don't own: you could delete the
signature packet, but you can't revoke it. Designated revoker
signatures are irrevocable as part of the OpenPGP protocol, even
though they are issued from your own key.
What PGP is doing is just deleting the packet. If you sync with a
keyserver that has your key, the packet will just come back.
All that said, yes, GPG has no way to delete designated revoker
packets. The only way to do it is export your public key and run
'gpgsplit' on it. Then delete the packet you want to get rid of and
'cat' the packets back together.
David
From me at psmay.com Fri Mar 16 17:29:58 2007
From: me at psmay.com (Peter S. May)
Date: Fri, 16 Mar 2007 12:29:58 -0400
Subject: Deleting a designated revoker
In-Reply-To: <20070316141308.GB29687@jabberwocky.com>
References: <45F9C535.4000108@excelcia.org>
<20070316141308.GB29687@jabberwocky.com>
Message-ID: <45FAC606.7030300@psmay.com>
> All that said, yes, GPG has no way to delete designated revoker
> packets. The only way to do it is export your public key and run
> 'gpgsplit' on it. Then delete the packet you want to get rid of and
> 'cat' the packets back together.
See below for all the support for revoker removal that you need.
I had to do it. :-)
Question for Werner: Will there ever be a --with-colons for
--list-packets? This script might not be friendly to non-English versions.
Good luck
PSM
The following script is hereby public domain.
usage: strip-revokers < public.key > public-stripped.key
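#!/bin/bash
umask 077
DIR=`mktemp -d`
PREFIX="$DIR/packet-"
IFS=$'\n'
# Split the key (named files, or stdin when none are given) into one file per packet.
gpgsplit -p "$PREFIX" "$@"
# The archived copy lost the text between the gpgsplit call and the first
# "Adding" message; the loop header and the two tests are reconstructed.
for i in "$PREFIX"*; do
    # gpgsplit names signature packets with a ".sig" suffix.
    if [ "${i##*.}" = "sig" ]; then
        # Keep the signature unless it carries a revocation key subpacket.
        if ! LC_ALL=C gpg --list-packets "$i" | grep -q 'revocation key'; then
            echo "Adding `basename "$i"`" >&2
            cat "$i"
        else
            echo "Omitting `basename "$i"`: contains revocation" >&2
        fi
    else
        echo "Adding `basename "$i"`" >&2
        cat "$i"
    fi
    shred -uz "$i"
done
rmdir "$DIR"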
From me at psmay.com Fri Mar 16 17:45:54 2007
From: me at psmay.com (Peter S. May)
Date: Fri, 16 Mar 2007 12:45:54 -0400
Subject: strip-revokers script
In-Reply-To: <45FAC606.7030300@psmay.com>
References: <45F9C535.4000108@excelcia.org> <20070316141308.GB29687@jabberwocky.com>
<45FAC606.7030300@psmay.com>
Message-ID: <45FAC9C2.7030801@psmay.com>
Caught a couple of glitches. Ignore the previous version.
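#!/bin/bash
umask 077
DIR=`mktemp -d`
PREFIX="packet-"
PREFIXPAT="$PREFIX*"
IFS=$'\n'
# Split the key (named files, or stdin when none are given) into one file per packet.
gpgsplit -p "$DIR/$PREFIX" "$@"
# The archived copy lost the text between the gpgsplit call and the first
# "Adding" message; the loop header and the two tests are reconstructed.
for i in `find "$DIR" -name "$PREFIXPAT" | sort`; do
    # gpgsplit names signature packets with a ".sig" suffix.
    if [ "${i##*.}" = "sig" ]; then
        # Keep the signature unless it carries a revocation key subpacket.
        if ! LC_ALL=C gpg --list-packets "$i" | grep -q 'revocation key'; then
            echo "Adding `basename "$i"`" >&2
            cat "$i"
        else
            echo "Omitting `basename "$i"`: contains revocation" >&2
        fi
    else
        echo "Adding `basename "$i"`" >&2
        cat "$i"
    fi
    shred -uz "$i"
done
rmdir "$DIR"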
From johns at netfriends.com Fri Mar 16 23:56:35 2007
From: johns at netfriends.com (starsipping)
Date: Fri, 16 Mar 2007 15:56:35 -0700 (PDT)
Subject: Enabling GPGRelay passphrase prompt on e-mail startup
In-Reply-To: <9456583.post@talk.nabble.com>
References: <9456583.post@talk.nabble.com>
Message-ID: <9523961.post@talk.nabble.com>
Dirk Zemisch provided the following information which successfully resolved
our issue:
>
> "On the Keyrules tab you can edit properties for each key. In
> this dialog for secret keys you have some options to check. There
> is one option 'Prompt at startup'. Check it and all will be fine."
>
starsipping wrote:
>
> Does anyone know how to modify when GPGRelay can prompt for the passphrase
> to force it to prompt upon initial startup or upon initial receipt of
> email?
>
>
From svt at teris.de Sat Mar 17 01:04:55 2007
From: svt at teris.de (Sebastian von Thadden)
Date: Sat, 17 Mar 2007 01:04:55 +0100
Subject: HowTo make a donation to gpg...
Message-ID: <45FB30A7.1060806@teris.de>
Hi,
I'm really exalted about gpg and want to support the project with a
little donation. I think, if I can't help to develop such a good
project, the team should get a little bit support. The most OS-projects
are better than commercial products. A donation is the least, that I
(and other users) can do.
On the gpg-website I've searched for a paypal-donation button or
something else... Nothing.
I think, the gpg-team should install a possibility for this on the website.
Bye,
Sebastian
From rjh at sixdemonbag.org Sat Mar 17 01:52:29 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 16 Mar 2007 19:52:29 -0500
Subject: HowTo make a donation to gpg...
In-Reply-To: <45FB30A7.1060806@teris.de>
References: <45FB30A7.1060806@teris.de>
Message-ID:
> On the gpg-website I've searched for a paypal-donation button or
> something else... Nothing.
>
> I think, the gpg-team should install a possibility for this on the
> website.
This has been asked a few times. The last time it was asked, the
developers said that it would create a lot of problems. How should
the money be split up? While the developers certainly deserve
credit, so too do people on mailing lists who help newbies, so too do
people who search through the code and find bugs, so too do...
etcetera, etcetera.
However, GnuPG is--as you can guess from its name--a GNU project,
which means it's closely affiliated with the Free Software
Foundation. The FSF is a non-profit charity headquartered in the
United States, and gratefully accepts donations.
https://www.fsf.org/associate/support_freedom/donate
From lists_de at zemisch.de Sat Mar 17 04:09:22 2007
From: lists_de at zemisch.de (Dirk Zemisch)
Date: Sat, 17 Mar 2007 10:09:22 +0700
Subject: HowTo make a donation to gpg...
In-Reply-To:
References: <45FB30A7.1060806@teris.de>
Message-ID: <441175334.20070317100922@zemisch.de>
Hello Sebastian, hi all
On Friday, March 16, 2007, at 19:52 GMT -05 (Saturday, March 17, 2007,
at 07:52 my local time), Robert J. Hansen chipped in:
> However, GnuPG is--as you can guess from its name--a GNU project,
> which means it's closely affiliated with the Free Software
> Foundation. The FSF is a non-profit charity headquartered in the
> United States, and gratefully accepts donations.
> https://www.fsf.org/associate/support_freedom/donate
Or, for Europeans, try here for the FSF Europe:
http://www.fsfeurope.org/help/donate.de.html (German version)
--
Bye,
Dirk
An excerpt from Plato:
He who can properly define and divide is to be considered a god.
From wk at gnupg.org Mon Mar 19 09:45:44 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 19 Mar 2007 09:45:44 +0100
Subject: Deleting a designated revoker
In-Reply-To: <45FAC606.7030300@psmay.com> (Peter S. May's message of "Fri\, 16
Mar 2007 12\:29\:58 -0400")
References: <45F9C535.4000108@excelcia.org>
<20070316141308.GB29687@jabberwocky.com> <45FAC606.7030300@psmay.com>
Message-ID: <87lkht62pz.fsf@wheatstone.g10code.de>
On Fri, 16 Mar 2007 17:29, me at psmay.com said:
> Question for Werner: Will there ever be a --with-colons for
> --list-packets? This script might not be friendly to non-English versions.
No, there will be no such option. The OpenPGP message is already
machine readable ;-)
LC_ALL=C; export LC_ALL
LANG= ; export LANG
should help to avoid i18n problems.
Shalom-Salam,
Werner
From jharris at widomaker.com Wed Mar 21 04:23:14 2007
From: jharris at widomaker.com (Jason Harris)
Date: Tue, 20 Mar 2007 23:23:14 -0400
Subject: new (2007-03-18) keyanalyze results (+sigcheck)
Message-ID: <20070321032314.GA828@wilma.widomaker.com>
New keyanalyze results are available at:
http://keyserver.kjsl.com/~jharris/ka/2007-03-18/
Signatures are now being checked using keyanalyze+sigcheck:
http://dtype.org/~aaronl/
Earlier reports are also available, for comparison:
http://keyserver.kjsl.com/~jharris/ka/
Even earlier monthly reports are at:
http://dtype.org/keyanalyze/
SHA-1 hashes and sizes for all the "permanent" files:
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
From George.Shaffer at comcast.net Wed Mar 21 05:39:04 2007
From: George.Shaffer at comcast.net (George Shaffer)
Date: Wed, 21 Mar 2007 00:39:04 -0400
Subject: Saving a gpg signed message as plain text from Evolution?
Message-ID: <1174451943.1822.236.camel@localhost.localdomain>
I've searched the archives and have found messages somewhat related to
this, but nothing that actually helps. I'm using Evolution 1.4.5; it's
old and I'd love to upgrade everything but that is not an option at this
time.
In the past I've saved what I gather are called in line signatures to a
file and verified them with no problem. It never occurred to me that
saving the multi part messages that Evolution creates when you sign one
of your own messages would be a problem. The multi part messages are
convenient, but if the only place that you can verify a specific message
from is the email client that it was sent from (and the original
recipient), it defeats a major purpose of digital signatures: proof of
who sent it and that the message is unchanged.
In a legal dispute the sender would look like a fool if he claimed it
verified in the email program on his PC, but could not get it to verify
anywhere else. The only other person who could verify the message, would
be the person least likely to have any desire to assist.
I've spent hours trying to get a signed message out of the sent folder
of Evolution. Using a message with an in line signature as an example
and gpg error messages, I've gotten to the point that gpg will try to
verify it but it always verifies bad.
That is not surprising since Evolution breaks very long URLs into 2 or
three lines, converts copyright symbols to =C2=A9, adds =20 here and
there (I think blanks at the end of a line), adds returns (^M) at the
end of every line in the message area. Something I saw suggested this
was part of the standard? I've fixed everything I could find and tried
it with and without the returns and with and without spaces for =20 and
all verify bad.
Is there anything that I can do to get a signed email out of Evolution
1.4.5 as verifiable plain text. It's pretty important and any assistance
would be much appreciated. I'm willing to do just about anything,
include resend it to someone who has a client that will save it in a way
that it can be verified. Privacy is not a concern, as I plan to post
this email to my web site. But the second sentence says "Please note
that this is a digitally signed document, and legal notice . . ." and it
will look pretty dumb if I have to explain why it won't verify.
In the future, I will prepare and sign important documents outside of
Evolution, and paste them in when they're ready, if I can't find
something better.
George Shaffer
--
For my GnuPG key ID and fingerprint see http://geodsoft.com/about/
From ewrobinson at fedex.com Wed Mar 21 15:43:04 2007
From: ewrobinson at fedex.com (Eric Robinson)
Date: Wed, 21 Mar 2007 09:43:04 -0500
Subject: Erroneous char at the end of a file...
Message-ID:
Hello Group,
I have a customer that is getting erroneous characters in the data at
the end of a file (looks like ASCII ?) when they decrypt. This does not
happen for every file.
This customer is decrypting our GPG encrypted file with Authora's Edge
2.5.1
We have looked at the data before the GPG encryption and It is clean and
free of characters
Has anyone seen this type of issue with Authora's Edge software? I
would appreciate any help at all.
Thanks,
Eric
From oryann9 at yahoo.com Wed Mar 21 20:46:57 2007
From: oryann9 at yahoo.com (oryann9)
Date: Wed, 21 Mar 2007 12:46:57 -0700 (PDT)
Subject: Erroneous char at the end of a file...
In-Reply-To:
Message-ID: <20070321194657.2843.qmail@web63407.mail.re1.yahoo.com>
Hello,
What version of GPG are you using?
What are your encrypt and decrypt strings?
Are you aware of --textmode if platforms differ?
And --armour and --no-mangle-dos-filenames?
--- Eric Robinson wrote:
> Hello Group,
> I have a customer that is getting erroneous
> characters in the data at
> the end of a file (looks like ASCII ?) when they
> decrypt. This does not
> happen for every file.
>
> This customer is decrypting our GPG encrypted file
> with Authora's Edge
> 2.5.1
>
> We have looked at the data before the GPG encryption
> and It is clean and
> free of characters
>
> Has anyone seen this type of issue with Authora's
> Edge software? I
> would appreciate any help at all.
>
>
> Thanks,
> Eric
>
From hhhobbit at securemecca.net Wed Mar 21 22:49:07 2007
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Wed, 21 Mar 2007 15:49:07 -0600
Subject: Saving a gpg signed message as plain text from Evolution?
In-Reply-To:
References:
Message-ID: <1174513747.4664.16.camel@sirius.brigham.net>
On Wed, 2007-03-21 at 00:39:04 -0100,
wrote:
> Message: 8
> Date: Wed, 21 Mar 2007 00:39:04 -0400
> From: George Shaffer
> Subject: Saving a gpg signed message as plain text from Evolution?
> To: gnupg-users at gnupg.org
> Message-ID: <1174451943.1822.236.camel at localhost.localdomain>
> Content-Type: text/plain
>
> I've searched the archives and have found messages somewhat related to
> this, but nothing that actually helps. I'm using Evolution 1.4.5; it's
> old and I'd love to upgrade everything but that is not an option at this
> time.
What OS is this on?
> In the past I've saved what I gather are called in line signatures to a
> file and verified them with no problem. It never occurred to me that
> saving the multi part messages that Evolution creates when you sign one
> of your own messages would be a problem. The multi part messages are
> convenient, but if the only place that you can verify a specific message
> from is the email client that it was sent from (and the original
> recipient), it defeats a major purpose of digital signatures: proof of
> who sent it and that the message is unchanged.
>
> In a legal dispute the sender would look like a fool if he claimed it
> verified in the email program on his PC, but could not get it to verify
> anywhere else. The only other person who could verify the message, would
> be the person least likely to have any desire to assist.
>
> I've spent hours trying to get a signed message out of the sent folder
> of Evolution. Using a message with an in line signature as an example
> and gpg error messages, I've gotten to the point that gpg will try to
> verify it but it always verifies bad.
>
> That is not surprising since Evolution breaks very long URLs into 2 or
> three lines, converts copyright symbols to =C2=A9, adds =20 here and
> there (I think blanks at the end of a line), adds returns (^M) at the
> end of every line in the message area. Something I saw suggested this
> was part of the standard? I've fixed everything I could find and tried
> it with and without the returns and with and without spaces for =20 and
> all verify bad.
>
> Is there anything that I can do to get a signed email out of Evolution
> 1.4.5 as verifiable plain text. It's pretty important and any assistance
> would be much appreciated. I'm willing to do just about anything,
> include resend it to someone who has a client that will save it in a way
> that it can be verified. Privacy is not a concern, as I plan to post
> this email to my web site. But the second sentence says "Please note
> that this is a digitally signed document, and legal notice . . ." and it
> will look pretty dumb if I have to explain why it won't verify.
>
> In the future, I will prepare and sign important documents outside of
> Evolution, and paste them in when they're ready, if I can't find
> something better.
>
> George Shaffer
> --
> For my GnuPG key ID and fingerprint see http://geodsoft.com/about/
I think you are mistaken on several things.
1. Evolution does NOT use in-line. It has always used OpenPGP/MIME
and always will. It doesn't even have the capacity to handle in-line.
At least it has been that way with every version that I have used.
2. The standard for mailing is to add ^Ms at the end of every line for
transmission.
3. The instant you change ONE character in the body it will never verify.
4. I will look at the sent folder, but I have learned to either Cc:
or Bcc: myself. In fact, I have it set to do BOTH, and delete
the one I don't want to use manually. I don't trust the sent
folder because I don't think it signs the messages properly there.
5. I am using Evolution 2.0.4 on Fedora Core 3 Linux (I was going to
recently update to FC6 and the install failed on a trial machine).
This message is signed. My Key ID is 5BA96FAC. The key is on the
servers, but its fingerprint and the checksum of the file with the
key in it I will send to you is:
9D55 B232 80B0 D623 E1A1 EECC AF74 19BF 5BA9 6FAC
91df314d349879384b36e70905f9d3d9cdeb5675
hhhobbit_at_securemecca.net.asc
HHH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20070321/7844a75b/attachment.pgp
From hhhobbit at securemecca.net Wed Mar 21 22:59:39 2007
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Wed, 21 Mar 2007 15:59:39 -0600
Subject: Saving a gpg signed message as plain text from Evolution?
In-Reply-To: <1174513747.4664.16.camel@sirius.brigham.net>
References:
<1174513747.4664.16.camel@sirius.brigham.net>
Message-ID: <1174514379.4664.23.camel@sirius.brigham.net>
OOPS.
Please delete the previous message. We are going out of
group for some tests on his old version of Evolution.
Sorry
HHH
From ewrobinson at fedex.com Thu Mar 22 14:30:55 2007
From: ewrobinson at fedex.com (Eric Robinson)
Date: Thu, 22 Mar 2007 08:30:55 -0500
Subject: Erroneous char at the end of a file...
In-Reply-To: <20070321194657.2843.qmail@web63407.mail.re1.yahoo.com>
Message-ID:
Thanks for the response... My hands are a little tied, GPG is 'embedded'
in our application and can't change any values or parms at all.
GPG v1.2.4
Encrypt string:
--passphrase-fd 0 --no-tty --batch --sign --encrypt --compress-algo 1
--cipher-algo cast5
I do not know what the customer's decrypt string is.
Not familiar with --textmode I'll look it up on the site.
Yes, --armour is a parm that I can toggle back and forth.
Not familiar with --no-mangle-dos-filenames
Thanks,
Eric
-------------------------------------
Eric Robinson
Business Application Advisor
FedEx Corporate Services
Internet Engineering & EC Integration
901.263.5749
-------------------------------------
-----Original Message-----
From: gnupg-users-bounces at gnupg.org
[mailto:gnupg-users-bounces at gnupg.org] On Behalf Of oryann9
Sent: Wednesday, March 21, 2007 2:47 PM
To: gnupg-users at gnupg.org
Subject: Re: Erroneous char at the end of a file...
Hello,
What version of GPG are you using?
What is your encrypt and decrypt strings?
Are you aware of --textmode if platforms differ?
And --armour and --no-mangle-dos-filenames?
--- Eric Robinson wrote:
> Hello Group,
> I have a customer that is getting erroneous characters in the data at
> the end of a file (looks like ASCII ?) when they decrypt. This does
> not happen for every file.
>
> This customer is decrypting our GPG encrypted file with Authora's Edge
> 2.5.1
>
> We have looked at the data before the GPG encryption and It is clean
> and
> free of characters
>
> Has anyone seen this type of issue with Authora's Edge software? I
> would appreciate any help at all.
>
>
> Thanks,
> Eric
>
From oryann9 at yahoo.com Thu Mar 22 15:00:18 2007
From: oryann9 at yahoo.com (oryann9)
Date: Thu, 22 Mar 2007 07:00:18 -0700 (PDT)
Subject: Erroneous char at the end of a file...
In-Reply-To:
Message-ID: <241971.42473.qm@web63414.mail.re1.yahoo.com>
--- Eric Robinson wrote:
> Thanks for the response... My hands are a little tied, GPG is 'embedded'
> in our application and can't change any values or parms at all.
>
> GPG v1.2.4
> Encrypt string:
>
> --passphrase-fd 0 --no-tty --batch --sign --encrypt --compress-algo 1
> --cipher-algo cast5
>
> I do not know what the customers decrypt string is.
>
> Not familiar with --textmode I'll look it up on the site.
>
> Yes, --armour is a parm that I can toggle back and forth.
>
> Not familiar with --no-mangle-dos-filenames
>
> Thanks,
> Eric
>
> Hello,
>
> What version of GPG are you using?
> What is your encrypt and decrypt strings?
> Are you aware of --textmode if platforms differ?
> And --armour and --no-mangle-dos-filenames?
>
> --- Eric Robinson wrote:
>
> > Hello Group,
> > I have a customer that is getting erroneous characters in the data at
> > the end of a file (looks like ASCII ?) when they decrypt. This does
> > not happen for every file.
> >
> > This customer is decrypting our GPG encrypted file with Authora's Edge
> > 2.5.1
> >
> > We have looked at the data before the GPG encryption and It is clean
> > and free of characters
> >
> > Has anyone seen this type of issue with Authora's Edge software? I
> > would appreciate any help at all.
> >
> > Thanks,
> > Eric
> >
Sorry for top posting....
ok yes please look at the man page for those
parameters. If you cannot change these parameters,
then please work with the app vendor who developed
this app, but if it's not causing any detrimental data
issues then you could parse these erroneous characters out using
Perl or Shell???
From ran.rutenberg at gmail.com Mon Mar 19 06:04:52 2007
From: ran.rutenberg at gmail.com (Ran Rutenberg)
Date: Mon, 19 Mar 2007 05:04:52 +0000
Subject: Documentation for GnuPG
Message-ID: <3ed79ed40703182204i4c57756eo485bb7326c03db08@mail.gmail.com>
Dear Users,
I would like to start using GnuPG but I can't find any updated
documentation (e.g. User Guides, HOWTOs etc.).
I would be glad if someone could point me to where
I can find updated documentation.
Sincerely,
Ran Rutenberg
From crypt at sibinco.ru Thu Mar 22 08:53:59 2007
From: crypt at sibinco.ru (Константин Верба)
Date: Thu, 22 Mar 2007 13:53:59 +0600
Subject: gpg card reading problem
Message-ID: <200703221353.59896.crypt@sibinco.ru>
Hello, I can't use my card with gnupg and asedrive iiie usb card reader.
-- System logs:
Mar 21 16:29:54 rimex pcscd: Card ATR: 3B 95 15 40 FF 68 01 02 45 47
Mar 21 16:30:04 rimex pcscd: prothandler.c:130:PHSetProtocol() Attempting PTS to T=0
Mar 21 16:32:19 rimex pcscd: prothandler.c:130:PHSetProtocol() Attempting PTS to T=0
But...
rimex ~ # gpg --card-status
gpg: WARNING: unsafe ownership on configuration file `/home/crypt/.gnupg/gpg.conf'
gpg: DBG: connection to agent established
scdaemon[7264]: no supported card application found: Card error
gpg-agent[7263]: command learn failed: Card error
gpg: OpenPGP card not available: Card error
scdaemon[7264]: updating status of slot 0 to 0x0007
scdaemon[7264]: client pid is 7263, sending signal 12
rimex ~ # scdaemon[7264]: scdaemon (GnuPG) 2.0.1 stopped
rimex ~ # opensc-tool -a
iso7816.c:99:iso7816_check_sw: Instruction code not supported or invalid
iso7816.c:458:iso7816_select_file: returning with: Unsupported INS byte in APDU
card.c:563:sc_select_file: returning with: Unsupported INS byte in APDU
3b:95:15:40:ff:68:01:02:45:47
iso7816.c:99:iso7816_check_sw: Instruction code not supported or invalid
iso7816.c:458:iso7816_select_file: returning with: Unsupported INS byte in APDU
card.c:563:sc_select_file: returning with: Unsupported INS byte in APDU
rimex ~ #
So this is the testpcsc info:
MUSCLE PC/SC Lite unitary test Program
THIS PROGRAM IS NOT DESIGNED AS A TESTING TOOL FOR END USERS!
Do NOT use it unless you really know what you do.
Testing SCardEstablishContext : Command successful.
Testing SCardIsValidContext : Command successful.
Testing SCardIsValidContext : Invalid handle. (don't panic)
Testing SCardGetStatusChange
Please insert a working reader : Command successful.
Testing SCardListReaderGroups : Command successful.
Command successful.
Group 01: SCard$DefaultReaders
Testing SCardListReaders : Command successful.
Command successful.
Reader 01: AseIIIeUSB 00 00
Waiting for card insertion : Command successful.
Testing SCardConnect : Command successful.
Select file: 00 A4 00 00 02 3F 00
Testing SCardTransmit : Command successful.
card response: 6D 00
Testing SCardControl : Command successful.
Testing SCardGetAttrib : Feature not supported. (don't panic)
Testing SCardGetAttrib : Feature not supported. (don't panic)
Testing SCardGetAttrib : Feature not supported. (don't panic)
Testing SCardGetAttrib : Feature not supported. (don't panic)
Testing SCardGetAttrib : Feature not supported. (don't panic)
Testing SCardSetAttrib : Command successful.
Testing SCardStatus : Command successful.
Current Reader Name : AseIIIeUSB 00 00
Current Reader State : 0x0034
Current Reader Protocol : T=0
Current Reader ATR Size : 10 bytes
Current Reader ATR Value : 3B 95 15 40 FF 68 01 02 45 47
Press enter: Testing SCardReconnect : Command successful.
Testing SCardDisconnect : Command successful.
Testing SCardReleaseContext : Command successful.
PC/SC Test Completed Successfully !
Card type is cryptoflex or cyberflex.
Is it possible to make it work??
From cmzlwnql at trashmail.net Thu Mar 22 12:12:26 2007
From: cmzlwnql at trashmail.net (redstar)
Date: Thu, 22 Mar 2007 11:12:26 +0000 (UTC)
Subject: why gpg use SHA1 instead of pref???
Message-ID:
Hi
This is a question of why gpg uses the SHA1 hash for encryption of a message. For testing I sent
a message to myself, and pgpdump shows RIPEMD160 as the hash of the signing, which is the normal
expectation from my prefs. But for encryption it uses the SHA1 hash. Here is some
printout:
$ gpg --edit-key foo
gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Secret key is available.
pub 1024D/7645B413 created: 2007-03-08 expires: 2007-04-07 usage: SC
trust: ultimate validity: ultimate
sub 2048g/2A031F9B created: 2007-03-08 expires: 2007-04-07 usage: E
sub 2048R/8C905961 created: 2007-03-08 expires: 2007-04-07 usage: S
sub 2048R/D9C8767A created: 2007-03-08 expires: 2007-04-07 usage: E
[ultimate] (1). testing key
Command> showpref
[ultimate] (1). testing key
Cipher: CAST5, 3DES, BLOWFISH, TWOFISH, AES256, AES192
Digest: RIPEMD160, SHA512, SHA256, SHA384, SHA1, MD5
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
Command> pref
[ultimate] (1). testing key
S3 S2 S4 S10 S9 S8 H3 H10 H8 H9 H2 H1 Z2 Z3 Z1 Z0 [mdc] [no-ks-modify]
Command>
$ pgpdump foomessage.gpg
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
New version(3)
Key ID - 0xB1CAB8AFD9C8767A
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(2048 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
New: Symmetrically Encrypted and MDC Packet(tag 18)(70 bytes)
Ver 1
Encrypted data [sym alg is specified in pub-key encrypted session key]
(plain text + MDC SHA1(20 bytes))
What must I do to use the RIPEMD160 hash for encryption??? Is it normal because of
encryption specification requirements? Or is it an error of gpg?
Why will it use RSA encryption, as other symmetric ciphers like CAST5, 3DES,
BLOWFISH are in prefs, and RSA is not in the prefs list?
Sorry for bad English!
redstar
From dshaw at jabberwocky.com Thu Mar 22 23:54:53 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 22 Mar 2007 18:54:53 -0400
Subject: why gpg use SHA1 instead of pref???
In-Reply-To:
References:
Message-ID: <20070322225453.GA23909@jabberwocky.com>
On Thu, Mar 22, 2007 at 11:12:26AM +0000, redstar wrote:
> New: Symmetrically Encrypted and MDC Packet(tag 18)(70 bytes)
> Ver 1
> Encrypted data [sym alg is specified in pub-key encrypted session key]
> (plain text + MDC SHA1(20 bytes))
>
> What I must do for using RIPEMD160 hash of encryption??? Its normal because
> encryption specifications requirements? Or its error of gpg?
The MDC is always SHA-1. It is fixed as part of the protocol.
> Why he will use RSA encryption as other symmetric ciphers like CAST5, 3DES,
> BLOWFISH,, in prefs, and, RSA its not in prefs list?
The type of public-key encryption is defined by what type of key you
are encrypting to. An RSA key means RSA encryption. The symmetric
ciphers are not relevant to this question.
David
From cmzlwnql at trashmail.net Sun Mar 25 18:53:54 2007
From: cmzlwnql at trashmail.net (redstar)
Date: Sun, 25 Mar 2007 16:53:54 +0000 (UTC)
Subject: why gpg use SHA1 instead of pref???
References:
<20070322225453.GA23909@jabberwocky.com>
Message-ID:
David Shaw <dshaw at jabberwocky.com> writes:
> > New: Symmetrically Encrypted and MDC Packet(tag 18)(70 bytes)
> > Ver 1
> > Encrypted data [sym alg is specified in pub-key encrypted session key]
> > (plain text + MDC SHA1(20 bytes))
> >
> > What I must do for using RIPEMD160 hash of encryption??? Its normal because
> > encryption specifications requirements? Or its error of gpg?
>
> The MDC is always SHA-1. It is fixed as part of the protocol.
>
> > Why he will use RSA encryption as other symmetric ciphers like CAST5, 3DES,
> > BLOWFISH,, in prefs, and, RSA its not in prefs list?
>
> The type of public-key encryption is defined by what type of key you
> are encrypting to. An RSA key means RSA encryption. The symmetric
> ciphers are not relevant to this question.
I tried to answer this a few days ago, but it was not posted on the list, so now I
post again.
But the output of pgpdump is confusing. Plain text + SHA1 must be encrypted with the
symmetric algorithm, and after that its session key is encrypted with the public key cipher.
Am I right or wrong? So why will it use SHA1 as the hash with the symmetric key? The
expectation is to use the SHA1 hash with the asymmetric public key of the receiver. Or do I not
understand you, is it really SHA1 with the symmetric key that is part of the protocol??
How is it possible to know which symmetric algorithm was used to encrypt the
message? How must I obtain this information from pgpdump?
I think it will be very good if we'll have some matrix of prefs, showing which
asymmetric and symmetric algorithms it will use in all these cases. Thanks David
for helping all the people of the gpg list!!
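The two layouts pgpdump prints in this thread, as an added example that is not part of the original messages: the session-key block that sits inside the RSA-encrypted packet (which is where the symmetric cipher ID is carried, so it is not readable without the private key), and the plaintext of a tag 18 packet with its fixed SHA-1 MDC. It follows the RFC 4880 layout; the function names and sample bytes are assumptions made for illustration, and the RSA and symmetric encryption steps themselves are left out.

```python
import hashlib
import hmac

# Symmetric cipher IDs (the "S" numbers shown by gpg's pref command).
SYM_ALGOS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH",
             7: "AES128", 8: "AES192", 9: "AES256", 10: "TWOFISH"}
MDC_HEADER = b"\xd3\x14"   # new-format header: packet tag 19, body length 20
SHA1_LEN = 20


def pack_session_key(algo_id: int, key: bytes) -> bytes:
    """Build m = sym alg (1 byte) + session key + checksum (2 bytes).

    This is the value that gets PKCS#1-padded and RSA-encrypted into the
    tag 1 packet, so the cipher choice travels inside the ciphertext.
    """
    checksum = sum(key) & 0xFFFF
    return bytes([algo_id]) + key + checksum.to_bytes(2, "big")


def unpack_session_key(m: bytes):
    """Reverse of pack_session_key; what the recipient sees after RSA decryption."""
    algo_id, key, checksum = m[0], m[1:-2], int.from_bytes(m[-2:], "big")
    if sum(key) & 0xFFFF != checksum:
        raise ValueError("session key checksum mismatch")
    return SYM_ALGOS.get(algo_id, f"unknown({algo_id})"), key


def seal_with_mdc(prefix: bytes, packets: bytes) -> bytes:
    """Return the plaintext that is symmetrically encrypted in a tag 18 packet.

    prefix is one cipher block of random bytes plus a repeat of its last two
    bytes. The hash covers prefix, packets and the MDC header, and is always
    SHA-1: key preferences do not influence it.
    """
    if prefix[-2:] != prefix[-4:-2]:
        raise ValueError("prefix must end with its last two bytes repeated")
    body = prefix + packets + MDC_HEADER
    return body + hashlib.sha1(body).digest()


def open_with_mdc(plaintext: bytes, block_size: int) -> bytes:
    """Check the MDC on decrypted data and return the inner packets."""
    if len(plaintext) < block_size + 2 + len(MDC_HEADER) + SHA1_LEN:
        raise ValueError("too short to contain prefix and MDC")
    body, digest = plaintext[:-SHA1_LEN], plaintext[-SHA1_LEN:]
    if body[-2:] != MDC_HEADER:
        raise ValueError("MDC packet header missing")
    if not hmac.compare_digest(hashlib.sha1(body).digest(), digest):
        raise ValueError("MDC mismatch: data was modified")
    return body[block_size + 2:-len(MDC_HEADER)]


# Constructed sample values (not taken from any real message).
PREFIX = bytes.fromhex("0102030405060708") + b"\x07\x08"      # 8-byte block, CAST5-sized
LITERAL = b"\xcb\x0b" + b"b\x00" + b"\x00\x00\x00\x00" + b"hello"  # literal data packet

if __name__ == "__main__":
    m = pack_session_key(3, bytes(range(16)))
    print("cipher carried inside the RSA block:", unpack_session_key(m)[0])
    sealed = seal_with_mdc(PREFIX, LITERAL)
    print("MDC verifies, inner packet:", open_with_mdc(sealed, 8).hex())
    damaged = bytearray(sealed)
    damaged[12] ^= 0x01
    try:
        open_with_mdc(bytes(damaged), 8)
    except ValueError as exc:
        print("modified data rejected:", exc)
```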
From randux at Safe-mail.net Wed Mar 28 02:03:39 2007
From: randux at Safe-mail.net (randux at Safe-mail.net)
Date: Wed, 28 Mar 2007 03:03:39 +0300
Subject: Signature version line not protected against alteration
Message-ID:
Greetings all,
I came upon something a bit odd in gnupg 1.4.7. I found I can change the comment field in a signed message to be whatever I like. I should think this is a bad thing as an attacker could insert text in a message presumably protected against all modifications if the signature verifies properly.
I'm hoping the attachments won't be corrupted by my emailer. The first attachment is the clearsigned message. I altered the comment field manually after creating the .asc. The second attachment is the public key so you can verify that the clearsigned message is valid.
Thanks loads to everyone who's worked on gnupg. It's a brilliant app and an important one at that.
Cheers,
Rand
-------------- next part --------------
A non-text attachment was scrubbed...
Name: phil.zimmermann.asc
Type: application/pgp-signature
Size: 299 bytes
Desc: not available
Url : /pipermail/attachments/20070328/01eca3a3/attachment.pgp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: phil.pub
Type: application/octet-stream
Size: 1767 bytes
Desc: not available
Url : /pipermail/attachments/20070328/01eca3a3/attachment.obj
From dshaw at jabberwocky.com Wed Mar 28 05:25:58 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 27 Mar 2007 23:25:58 -0400
Subject: Signature version line not protected against alteration
In-Reply-To:
References:
Message-ID: <20070328032558.GA28900@jabberwocky.com>
On Wed, Mar 28, 2007 at 03:03:39AM +0300, randux at Safe-mail.net wrote:
> Greetings all,
>
> I came upon something a bit odd in gnupg 1.4.7. I found I can change
> the comment field in a signed message to be whatever I like. I
> should think this is a bad thing as an attacker could insert text in
> a message presumably protected against all modifications if the
> signature verifies properly.
The "comment" and "version" armor fields are both essentially
comments, and are ignored by the OpenPGP protocol. You can change
either of them to whatever you like.
David
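A small armor parser showing the point made in the reply above, as an added example that is not part of the original thread: the "Version" and "Comment" lines sit outside the base64 packet data, so editing them changes neither the decoded bytes a verifier processes nor the armor CRC-24, while a change to the body itself does. The packet bytes are constructed stand-ins rather than a real signature, and the helper names are assumptions.

```python
import base64

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """CRC-24 used by the OpenPGP armor checksum line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(payload: bytes, headers: dict, kind: str = "PGP SIGNATURE") -> str:
    """Wrap binary packet data in ASCII armor with the given header lines."""
    b64 = base64.b64encode(payload).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    head = [f"{key}: {value}" for key, value in headers.items()]
    lines = [f"-----BEGIN {kind}-----", *head, "", *body, "=" + crc,
             f"-----END {kind}-----"]
    return "\n".join(lines) + "\n"


def dearmor(text: str):
    """Return (headers, payload, crc_ok); crc_ok is None if no CRC line exists."""
    lines = text.splitlines()
    i = next(n for n, line in enumerate(lines)
             if line.startswith("-----BEGIN PGP ")) + 1
    headers = {}
    while lines[i].strip():                 # header lines end at the blank line
        key, _, value = lines[i].partition(": ")
        headers[key] = value
        i += 1
    i += 1                                  # skip the blank separator
    b64, crc_line = [], None
    while not lines[i].startswith("-----END PGP "):
        if lines[i].startswith("="):        # checksum line, e.g. "=lOCI"
            crc_line = lines[i][1:]
        else:
            b64.append(lines[i].strip())
        i += 1
    payload = base64.b64decode("".join(b64), validate=True)
    crc_ok = None
    if crc_line is not None:
        crc_ok = int.from_bytes(base64.b64decode(crc_line), "big") == crc24(payload)
    return headers, payload, crc_ok


# Constructed sample: 48 arbitrary bytes standing in for a signature packet.
PACKET_BYTES = bytes(range(48))
ORIGINAL = armor(PACKET_BYTES, {"Version": "Example 1.0", "Comment": "original"})
# Header lines edited after the fact; the body and CRC line are untouched.
RELABELLED = ORIGINAL.replace("Comment: original",
                              "Comment: text added after signing")
# One base64 character of the body changed; the CRC line is left as it was.
BODY_TAMPERED = ORIGINAL.replace("\n\nA", "\n\nB", 1)

if __name__ == "__main__":
    for name, text in [("original", ORIGINAL), ("relabelled", RELABELLED),
                       ("body tampered", BODY_TAMPERED)]:
        headers, payload, crc_ok = dearmor(text)
        print(f"{name:14} comment={headers['Comment']!r} "
              f"same_packets={payload == PACKET_BYTES} crc_ok={crc_ok}")
```

The practical consequence for anything that displays signed mail: armor header text should be treated as unauthenticated, and the CRC-24 only catches transmission damage, so the signature check on the packet data is the only integrity result that counts.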
From vedaal at hush.com Wed Mar 28 17:55:22 2007
From: vedaal at hush.com (vedaal at hush.com)
Date: Wed, 28 Mar 2007 11:55:22 -0400
Subject: --passphrase option // can two different passphrases be used in the
same command?
Message-ID: <20070328155523.09D62DA844@mailserver7.hushmail.com>
a question came up yesterday on the alt.security.pgp list
someone was trying to sign and symmetrically encrypt a message,
and wanted to do this as one command, first entering the passphrase
for signing, and then entering a different passphrase for
symmetrical encryption,
and could not get it to work
i tried many different variations of this on the commandline,
and it seems that gnupg (1.4.7) recognizes only the second
passphrase listed
if the second passphrase is the correct one for the signing key,
then the message will be signed but also symmetrically encrypted
with the same passphrase (the passphrase for the signing key)
example:
c:\gnupg>gpg --armor --passphrase sss -c -u aaaa1 -s --passphrase aaaa1 c:\1.txt
You need a passphrase to unlock the secret key for
user: "aaaa1 "
2048-bit RSA key, ID F9015496, created 2005-12-01
gpg: TWOFISH encryption will be used
gpg: writing to `c:\1.txt.asc'
gpg: RSA/SHA256 signature from: "F9015496 aaaa1 "
this message decrypts with the passphrase aaaa1, but not with the
passphrase sss
if the second passphrase is the symmetric encryption passphrase,
then gnupg will abort
example:
c:\gnupg>gpg --armor --passphrase aaaa1 -u aaaa1 -s -c --passphrase sss c:\1.txt
You need a passphrase to unlock the secret key for
user: "aaaa1 "
2048-bit RSA key, ID F9015496, created 2005-12-01
gpg: skipped "aaaa1": bad passphrase
gpg: c:\1.txt: sign+symmetric failed: bad passphrase
is there a way to direct gnupg to remember one passphrase for
signing,
and another one for symmetrically encrypting?
this might be useful for some automated messages,
otherwise, the simple workaround is just to do:
gpg --armor -u keyname -s -c filename
and enter the passphrases separately at each of the gpg prompts
tia,
vedaal
From wk at gnupg.org Thu Mar 29 10:06:59 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 29 Mar 2007 10:06:59 +0200
Subject: --passphrase option // can two different passphrases be used in
the same command?
In-Reply-To: <20070328155523.09D62DA844@mailserver7.hushmail.com>
(vedaal@hush.com's message of "Wed\, 28 Mar 2007 11\:55\:22 -0400")
References: <20070328155523.09D62DA844@mailserver7.hushmail.com>
Message-ID: <87fy7opj6k.fsf@wheatstone.g10code.de>
On Wed, 28 Mar 2007 17:55, vedaal at hush.com said:
> is there a way to direct gnupg to remember one passphrase for
> signing,
> and another one for symmetrically encrypting?
Not with the --passphrase* options. You need to employ the
--command-fd interface if you want better control over the
passphrase. GPGME makes this easier.
Shalom-Salam,
Werner
From ublument at Bear.com Fri Mar 30 17:09:58 2007
From: ublument at Bear.com (Blumenthal, Uri)
Date: Fri, 30 Mar 2007 11:09:58 -0400
Subject: Problem interoperating with PGP Univeral?
Message-ID:
I am trying to get cleartext-signed PGP/MIME messages produced by PGP
Universal 2.5.3, verified by email clients (Thunderbird-1.5.0.10 +
Enigmail-0.94.2 + GPG-1.4.7).
So far my experience is:
- Pure plaintext (neither PGP/MIME nor PGP/Partitioned) messages are
verified OK.
- PGP/MIME encrypted and signed messages are decrypted and verified OK.
- PGP/MIME or PGP/Partitioned messages (HTML body and/or attachments)
fail signature verification, with error message from GPG:
Cleartext signature without data
I've submitted help request to Enigmail list, but perhaps somebody here
can advise me regarding this issue? Maybe there are settings at PGP
Universal that should be changed to make its output "friendlier"? Or
maybe there are GPG setting that would allow verification of those
emails?
I'll be grateful for any help!
Thank you!
--
Regards,
Uri Blumenthal
From patrick at mozilla-enigmail.org Sat Mar 31 23:29:54 2007
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Sat, 31 Mar 2007 23:29:54 +0200
Subject: Problem interoperating with PGP Univeral?
In-Reply-To:
References:
Message-ID:
Blumenthal, Uri wrote:
> I am trying to get cleartext-signed PGP/MIME messages produced by PGP
> Universal 2.5.3, verified by email clients (Thunderbird-1.5.0.10 +
> Enigmail-0.94.2 + GPG-1.4.7).
>
> So far my experience is:
>
> - Pure plaintext (neither PGP/MIME nor PGP/Partitioned) messages are
> verified OK.
>
> - PGP/MIME encrypted and signed messages are decrypted and verified OK.
>
> - PGP/MIME or PGP/Partitioned messages (HTML body and/or attachments)
> fail signature verification, with error message from GPG:
>
> Cleartext signature without data
>
> I've submitted help request to Enigmail list, but perhaps somebody here
> can advise me regarding this issue? Maybe there are settings at PGP
> Universal that should be changed to make its output "friendlier"? Or
> maybe there are GPG setting that would allow verification of those
> emails?
>
> I'll be grateful for any help!
>
> Thank you!
I can provide some more details on this. GnuPG 1.4.7 returns with this
error message "gpg: can't handle this ambiguous signature data".
This is the detached signature that comes with such a message:
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.5.3
qANQR1DEDQMBAhH9zteyosL+MwHCPwMFAUYL2iX9zteyosL+MxECC8QAnRhWP2Sx
Ex7VcRL+wBVB2C7lksYAAKCYHvRP7E8vA5jKNgigU0o4kbFn4w==
=lOCI
-----END PGP SIGNATURE-----
-Patrick
From dshaw at jabberwocky.com Sat Mar 31 23:51:47 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 31 Mar 2007 17:51:47 -0400
Subject: Problem interoperating with PGP Univeral?
In-Reply-To:
References:
Message-ID: <20070331215147.GB21090@jabberwocky.com>
On Sat, Mar 31, 2007 at 11:29:54PM +0200, Patrick Brunschwig wrote:
> Blumenthal, Uri wrote:
> > I am trying to get cleartext-signed PGP/MIME messages produced by PGP
> > Universal 2.5.3, verified by email clients (Thunderbird-1.5.0.10 +
> > Enigmail-0.94.2 + GPG-1.4.7).
> >
> > So far my experience is:
> >
> > - Pure plaintext (neither PGP/MIME nor PGP/Partitioned) messages are
> > verified OK.
> >
> > - PGP/MIME encrypted and signed messages are decrypted and verified OK.
> >
> > - PGP/MIME or PGP/Partitioned messages (HTML body and/or attachments)
> > fail signature verification, with error message from GPG:
> >
> > Cleartext signature without data
> >
> > I've submitted help request to Enigmail list, but perhaps somebody here
> > can advise me regarding this issue? Maybe there are settings at PGP
> > Universal that should be changed to make its output "friendlier"? Or
> > maybe there are GPG setting that would allow verification of those
> > emails?
> >
> > I'll be grateful for any help!
> >
> > Thank you!
>
> I can provide some more details on this. GnuPG 1.4.7 returns with this
> error message "gpg: can't handle this ambiguous signature data".
>
> This is the detached signature that comes with such a message:
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Universal 2.5.3
>
> qANQR1DEDQMBAhH9zteyosL+MwHCPwMFAUYL2iX9zteyosL+MxECC8QAnRhWP2Sx
> Ex7VcRL+wBVB2C7lksYAAKCYHvRP7E8vA5jKNgigU0o4kbFn4w==
> =lOCI
> -----END PGP SIGNATURE-----
That's just a regular signature. How does Enigmail call GPG to do the
verification?
David
From office at dotdoms.com Wed Mar 28 16:06:42 2007
From: office at dotdoms.com (dotdoms)
Date: Wed, 28 Mar 2007 07:06:42 -0700 (PDT)
Subject: how to only signate a mail by GnuPG, command line?
Message-ID: <9714450.post@talk.nabble.com>
Hello,
I am brand new to PGP and GnuPG, so my question might sound dumb, but I am
really stuck for days now, so I hope and would be thankful to probably
receive some answer here.
I am trying to send a GnuPG signed email by PHP. The PHP part of it isn't
really a problem to me, but I don't get the correct command line for GnuPG
to do as I need.
I tried so far that:
gpg -o signature_file.txt --clearsign original_file.txt
The point is I don't know the syntax how to add the email address/Key ID which
should sign the signature_file. E.g. something like that (although that
obviously ain't the correct syntax):
gpg -o signature_file.txt --clearsign original_file.txt myemailadress at domain.tld
Thx in advance :)
best regards, dd
From rjkunkel at fuse.net Fri Mar 23 19:26:39 2007
From: rjkunkel at fuse.net (rjkunkel)
Date: Fri, 23 Mar 2007 11:26:39 -0700 (PDT)
Subject: gpg doesn't seem to execute within windows application
Message-ID: <9640662.post@talk.nabble.com>
We are running a windows application that allows us to call a batch program
or executable. I can run gpg with no problem from the DOS Command prompt
under Windows XP. When I try to run it under my application, it doesn't
seem to execute to create the encrypted file.
I am using the command line:
gpg -o enc_file -v -e -r "recipient name" sendfile
I put the -v to allow my application to capture the verbose text, but I
don't get any text back from the execution. The call is being made in the
application with spawnvp(_P_NOWAIT, xcmd, parms);
where
char xcmd[128];
char *parms[20];
Thanks,
Rob
From alexey_maslennikov at slashmail.org Sat Mar 24 23:00:42 2007
From: alexey_maslennikov at slashmail.org (Alexey Maslennikov)
Date: Sun, 25 Mar 2007 00:00:42 +0200 (IST)
Subject: ow to create secret key stub
Message-ID: <50684.85.130.148.85.1174773642.squirrel@slashmail.org>
Good time of day,
I have a smart card, which I successfully use on the computer I first
initialized it on.
I have another computer, and I want to use my smart card on this one too.
The question: how do I create secret key stub for my existing smart card key
on new computer?
Thank you in advance!
--
Alexey Maslennikov
From macfan21 at mac.com Tue Mar 27 18:02:51 2007
From: macfan21 at mac.com (Mark Dymek)
Date: Tue, 27 Mar 2007 12:02:51 -0400
Subject: No subject
Message-ID:
When I install gnupg 1.4.7 on a Mac OS X system, where does the
executable file get installed? In other words, where does gnupg live
on my system?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20070327/e604b87e/attachment.pgp